Description
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1719
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5299
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/85028
Scores
EPSS
0.0009
EPSS Percentile
25.1%
Details
Status
published
Products (1)
gnu/glibc
2.1.3.10
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026