Mandrake Linux Security Advisory : glibc (MDKSA-2000:040)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A bug was discovered in ld.so that could allow local users to obtain
root privileges. The dynamic loader, ld.so, is responsible for making
shared libraries available within a program at run-time. Normally, a
user is allowed to load additional shared libraries when executing a
program; they can be specified with environment variables such as
LD_PRELOAD. Because this is not acceptable for applications that are
setuid root, ld.so normally removes these environment variables for
setuid root programs. The discovered bug causes these environment
variables to not be removed under certain circumstances. While setuid
programs themselves are not vulnerable, external programs they execute
can be affected by this problem. These updated packages contain a
patch from Caldera Systems, Inc. that fixes this vulnerability. It
should be noted that as of yet there are no known exploits for this
problem, but all users should update to these glibc packages.
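
The description notes that external programs executed by a setuid binary can
inherit loader variables that ld.so failed to remove. As an added example (not
part of the advisory or of the Caldera patch), a privileged program can drop
LD_* entries itself before it executes anything; the function name
scrub_loader_env and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Loader-control variables share the LD_ prefix (LD_PRELOAD, LD_LIBRARY_PATH, ...). */
static int is_loader_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/*
 * Build a new NULL-terminated environment array from envp that leaves out
 * every LD_* entry. The strings are shared with envp, not duplicated.
 * Returns NULL on allocation failure; *dropped receives the number removed.
 */
char **scrub_loader_env(char *const envp[], size_t *dropped)
{
    size_t n = 0, kept = 0;
    while (envp[n] != NULL)
        n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_loader_var(envp[i]))
            (*dropped)++;
        else
            clean[kept++] = envp[i];
    }
    clean[kept] = NULL;
    return clean;
}

int main(void)
{
    /* Constructed sample environment, not taken from the advisory. */
    char *const sample[] = {
        "PATH=/usr/bin:/bin", "LD_PRELOAD=/tmp/example.so",
        "HOME=/root", "LD_LIBRARY_PATH=/tmp", NULL
    };
    size_t dropped = 0;
    char **clean = scrub_loader_env(sample, &dropped);
    if (clean == NULL)
        return 1;
    for (char **e = clean; *e != NULL; e++)
        puts(*e);               /* only PATH and HOME remain */
    /* A privileged caller would pass `clean` to execve(path, argv, clean). */
    free(clean);
    return dropped == 2 ? 0 : 1;
}
```

Passing an explicitly built environment to execve, rather than inheriting the
caller's, keeps child processes safe even when the loader's own filtering fails.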

Solution :

Update the affected glibc, glibc-devel and / or glibc-profile
packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61833

Bugtraq ID:

CVE ID: CVE-2000-0824
