Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

A bug was discovered in that could allow local users to obtain
root privileges. The dynamic loader,, is responsible for making
shared libraries available within a program at run-time. Normally, a
user is allowed to load additional shared libraries when executing a
program; they can be specified with environment variables such as
LD_PRELOAD. Because this is not acceptable for applications that are
setuid root, normally removes these environment variables for
setuid root programs. The discovered bug causes these environment
variables to not be removed under certain circumstances. While setuid
programs themselves are not vulnerable, external programs they execute
can be affected by this problem.

A number of additional bugs have been found in the glibc locale and
internationaliztion security checks. In internationalized programs,
users are permitted to select a locale or choose message catalogues
using environment variables such as LANG or LC_*. The content of these
variables is then used as part of the pathname used to search message
catalogues or locale files. Under normal circumstances, if these
variables contained the '/' character, a program could load the
internationalization files from arbitrary directories. This is not
acceptable for setuid programs, which is the reason glibc does not
allow certain settings of these variables if the program is setuid or
setgid. However, some of these checks were done in inapporpriate
places, contained bugs, or were missing entirely. It is highly
probable that some of these bugs can be used for local root exploits.

Update :

Packages are now available for Linux-Mandrake 6.0 and 6.1.

Solution :

Update the affected glibc, glibc-devel and / or glibc-profile

Risk factor :

High / CVSS Base Score : 7.2

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61837 ()

Bugtraq ID:

CVE ID: CVE-2000-0824

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now