CVE-2001-0169

Published: Mar 26, 2001Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Affected (19)

Products: Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Linux · Trustix: Secure Linux · +1 more

Show all products

Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Linux · Trustix: Secure Linux · Turbolinux: Turbolinux

2 products

Mandrake Linux Corporate Server

1 product

1 product

1 product

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 6.0
Mandrakesoft Mandrake Linux	Version 6.1
Mandrakesoft Mandrake Linux	Version 7.0
Mandrakesoft Mandrake Linux	Version 7.1
Mandrakesoft Mandrake Linux	Version 7.2
Mandrakesoft Mandrake Linux Corporate Server	Version 1.0.1
Redhat Linux	Version 6.0
Redhat Linux	Version 6.0
Redhat Linux	Version 6.0
Redhat Linux	Version 6.1
Redhat Linux	Version 6.1
Redhat Linux	Version 6.1
Redhat Linux	Version 6.2
Redhat Linux	Version 6.2
Redhat Linux	Version 6.2
Trustix Secure Linux	Version 1.1
Trustix Secure Linux	Version 1.2
Turbolinux Turbolinux	Up to 6.0.5
Turbolinux Turbolinux	Version 6.1

References (18)

http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html

Source: cve@mitre.org

http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt

Source: cve@mitre.org

http://www.debian.org/security/2001/dsa-039

Source: cve@mitre.org

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2

Source: cve@mitre.org

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2001-002.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/157650

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/2223

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5971

Source: cve@mitre.org

http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2001/dsa-039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2001-002.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/157650

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/2223

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5971

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.