New Search

GNU glibc 2.3.4 before 2.3.4.20040619 2.3.3 before 2.3.3.20040420 and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program which allows local users to gain sensitive information such as the list of symbols used by the program.

oval:org.mitre.oval:def:10762

GNU glibc 2.3.4 before 2.3.4.20040619 2.3.3 before 2.3.3.20040420 and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program which allows local users to gain sensitive information such as the list of symbols used by the program.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2004-1453
Product(s):