GLSA-200408-16 : glibc: Information leak with LD_DEBUG

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200408-16
(glibc: Information leak with LD_DEBUG)

Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidential information.

Impact :

An attacker can obtain the list of symbols a SUID application uses and
their locations and can then use a trojaned library taking precedence
over those symbols to gain information or perform further exploitation.

Workaround :

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of glibc.

See also :

Solution :

All glibc users should upgrade to the latest version:
# emerge sync
# emerge -pv your_version
# emerge your_version

Risk factor :

Low / CVSS Base Score : 2.1

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14572 (gentoo_GLSA-200408-16.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1453
