{"vuid":"VU#686403","idnumber":"686403","name":"ld.so fails to unset LD_PRELOAD before executing suid root programs","keywords":["glibc","glib","ld.so","unsetenv"],"overview":"ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries.","clean_desc":"ld.so, the UNIX/LINUX dynamic loader, fails in some conditions (and some operating system releases) to unset LD_PRELOAD before loading suid root programs for execution. Even though setuid root programs ignore LD_PRELOAD, programs called from suid root programs would use LD_PRELOAD and be loaded with insecure or malicious libraries and executed as root.","impact":"By altering LD_PRELOAD, attackers could cause malicious libraries to be loaded by programs called from setuid root programs, which then could execute arbitrary code as root.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"The original public announcement was by Solar Designer <solar@false.com>.","author":"This document was last modified by Tim Shimeall","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","v","d","b","/","b","o","t","t","o","m",".","h","t","m","l","?","v","i","d","=","1","6","3","9"],"cveids":["CVE-2000-0824"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-08-30T18:04:29Z","publicdate":"2000-08-31T00:00:00Z","datefirstpublished":"2001-05-17T13:45:31Z","dateupdated":"2001-06-21T19:29:16Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"14","cam_exploitation":"1","cam_internetinfrastructure":"6","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"6.733125","cam_scorecurrentwidelyknown":"8.656875","cam_scorecurrentwidelyknownexploited":"14.74875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.733125,"vulnote":null}