PT-2000-1748 · Gnu · Glibc

Published: 2000-11-14 · Updated: 2017-10-10 · CVE-2000-0824

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc version 2.1.1

Description

The issue concerns the unsetenv function in glibc, which fails to properly unset an environment variable if it is provided twice to a program. This could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environment variables, such as LD_PRELOAD or LD_LIBRARY_PATH.

Recommendations

For glibc version 2.1.1, consider restricting the use of duplicate environment variables to minimize the risk of exploitation. As a temporary workaround, avoid using the unsetenv function with duplicate variables until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
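
The failure mode in the description, shown as an added C example (not glibc's source and not part of the original advisory): a removal routine that stops at the first match leaves the second copy of a duplicated variable in place, while a compacting pass removes every copy. The function names and the sample environment array are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if entry has the form "name=..." (exact name, not just a prefix). */
static int matches(const char *entry, const char *name, size_t len) {
    return strncmp(entry, name, len) == 0 && entry[len] == '=';
}

/* Count entries for `name` in a NULL-terminated environment array. */
int env_count(char **env, const char *name) {
    size_t len = strlen(name);
    int n = 0;
    for (; *env; env++)
        if (matches(*env, name, len)) n++;
    return n;
}

/* Flawed pattern (simplified model of the bug class): drop the first match, then stop. */
void unset_first_only(char **env, const char *name) {
    size_t len = strlen(name);
    for (char **ep = env; *ep; ep++) {
        if (!matches(*ep, name, len)) continue;
        for (char **dp = ep; *dp; dp++) dp[0] = dp[1]; /* shift left, NULL included */
        return;
    }
}

/* Hardened pattern: compact the array in place, dropping every match. */
int unset_all(char **env, const char *name) {
    size_t len = strlen(name);
    char **out = env;
    int removed = 0;
    for (char **ep = env; *ep; ep++) {
        if (matches(*ep, name, len)) removed++;
        else *out++ = *ep;
    }
    *out = NULL;
    return removed;
}

/* Constructed sample: one variable supplied twice. Returns copies left after scrubbing. */
int remaining_after(int use_fix) {
    char *env[] = { "PATH=/usr/bin", "LD_PRELOAD=one.so", "HOME=/root", "LD_PRELOAD=two.so", NULL };
    if (use_fix) unset_all(env, "LD_PRELOAD");
    else unset_first_only(env, "LD_PRELOAD");
    return env_count(env, "LD_PRELOAD");
}

int main(void) {
    printf("first-only: %d left, remove-all: %d left\n", remaining_after(0), remaining_after(1));
    return 0;
}
```

A privileged program can apply the same `env_count` check after scrubbing to confirm that no copy of a sensitive variable survives.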


Related identifiers

CVE-2000-0824

Affected products

Glibc