Overview
ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries.
Description
ld.so, the UNIX/LINUX dynamic loader, fails in some conditions (and some operating system releases) to unset LD_PRELOAD before loading suid root programs for execution. Even though setuid root programs ignore LD_PRELOAD, programs called from suid root programs would use LD_PRELOAD and be loaded with insecure or malicious libraries and executed as root. |
Impact
By altering LD_PRELOAD, attackers could cause malicious libraries to be loaded by programs called from setuid root programs, which then could execute arbitrary code as root. |
Solution
Apply vendor patches; see the Systems Affected section below. |
Vendor Information
Caldera Affected
Notified: August 30, 2000 Updated: May 15, 2001
Status
Affected
Vendor Statement
http://www.linuxsecurity.com/advisories/caldera_advisory-657.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Affected
Vendor Statement
Since FreeBSD does not use glibc (which is Linux-specific software) we are
not vulnerable to the unsetenv() bug.
However, FreeBSD does have some minor issues in its locale implementation.
These do not affect any program in the FreeBSD base system (i.e. they are
not exploitable locally or remotely on a FreeBSD system with no third
party software installed), and no such third party software (including
ports) are in fact known to be vulnerable. We recommend users obtain
FreeBSD Security Advisory 00:47 for more information including
instructions for detecting vulnerable binaries.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MandrakeSoft Affected
Notified: August 30, 2000 Updated: May 15, 2001
Status
Affected
Vendor Statement
http://www.linuxsecurity.com/advisories/mandrake_advisory-667.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TurboLinux Affected
Notified: February 19, 2001 Updated: May 15, 2001
Status
Affected
Vendor Statement
http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
We've determined that glibc is not used in Mac OS X, and we are therefore
not exposed to the problems identified within glibc.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Compaq Computer Corporation Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
(c) Copyright 2000 Compaq Computer Corporation. All rights reserved.
SOURCE: Compaq Computer Corporation
Compaq Services
Software Security Response Team USA
The reported problems have not been found to affect the as shipped,
Compaq Tru64/UNIX Operating Systems Software.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
Regarding VU#686403 (ld.so fails to unset LD_PRELOAD before executing
suid root programs), the Fujitsu UXP/V operating system is not
vulnerable to this problem.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett Packard Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
HP-UX does not implement LD_PRELOAD.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Microsoft Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
Received confirmation from our development team and we are NOT
vulnerable to the various scenarios described.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
Vendor has reported no products having this vulnerability
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SCO Not Affected
Notified: September 08, 2000 Updated: May 15, 2001
Status
Not Affected
Vendor Statement
SCO OpenServer Release 5 and UnixWare 7 systems are not
vulnerable to this exploit. The static and dynamic loaders
in SCO products do not use LD_PRELOAD.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
BSDI Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Data General Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NCR Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NeXT Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
RedHat Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Siemens Nixdorf Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: September 08, 2000 Updated: May 15, 2001
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
The original public announcement was by Solar Designer
This document was last modified by Tim Shimeall
Other Information
| CVE IDs: | CVE-2000-0824 |
| Severity Metric: | 6.73 |
| Date Public: | 2000-08-31 |
| Date First Published: | 2001-05-17 |
| Date Last Updated: | 2001-06-21 19:29 UTC |
| Document Revision: | 6 |