CVE - CVE-2000-0824

CVE-ID
CVE-2000-0824	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:1639 URL:http://www.securityfocus.com/bid/1639 BID:648 URL:http://www.securityfocus.com/bid/648 BUGTRAQ:19990917 A few bugs... URL:http://marc.info/?l=bugtraq&m=93760201002154&w=2 BUGTRAQ:20000831 glibc unsetenv bug URL:http://www.securityfocus.com/archive/1/79537 BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html CALDERA:CSSA-2000-028.0 URL:~~http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt~~ (Obsolete source - check if archived by the Wayback Machine) DEBIAN:20000902 glibc: local root exploit URL:http://www.debian.org/security/2000/20000902 MANDRAKE:MDKSA-2000:040 URL:~~http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3~~ (Obsolete source) MANDRAKE:MDKSA-2000:045 URL:~~http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3~~ (Obsolete source) REDHAT:RHSA-2000:057 URL:http://www.redhat.com/support/errata/RHSA-2000-057.html SUSE:20000924 glibc locale security problem URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html TURBO:TLSA2000020-1 URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html XF:glibc-ld-unsetenv(5173) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5173
Date Record Created
20010122	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)