{"vuid":"VU#386504","idnumber":"386504","name":"glibc does not check SUID bit on libraries in /etc/ld.so.cache","keywords":["glibc","LD_PRELOAD","LD_PROFILE","/etc/ld.so.cache"],"overview":"The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files.","clean_desc":"The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable, provided the entries in the variable don't contain the / character. When running a SUID program, the library also checks to ensure the library being loaded is SUID. Unfortunately, this check is skipped if the library is already in the /etc/ld.so.cache file.","impact":"Malicious users may pre-load libraries into the cache file, and use those libraries to create or modify privileged files.","resolution":"Apply patches available from your operating system vendor; see below.","workarounds":"","sysaffected":"","thanks":"Our thanks to Red-Hat Security for identifying this problem.","author":"This document was last modified by Tim Shimeall","public":["http://www.securityfocus.com/bid/2223","http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html","http://www.linuxsecurity.com/advisories/debian_advisory-1198.html","http://www.linuxsecurity.com/advisories/other_advisory-1349.html","http://www.linuxsecurity.com/advisories/other_advisory-1130.html","http://www.linuxsecurity.com/advisories/mandrake_advisory-1061.html","http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html","http://www.linuxsecurity.com/advisories/suse_advisory-1092.html","http://www.linuxsecurity.com/advisories/caldera_advisory-1085.html","http://www.linuxsecurity.com/advisories/other_advisory-1069.html"],"cveids":["CVE-2001-0169"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-17T00:09:08Z","publicdate":"2001-01-18T00:00:00Z","datefirstpublished":"2001-05-14T20:09:04Z","dateupdated":"2001-06-20T14:13:27Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"17","cam_impact":"19","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"11.991375","cam_scorecurrentwidelyknown":"13.6265625","cam_scorecurrentwidelyknownexploited":"24.5278125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.991375,"vulnote":null}