CVE-2009-4147

Name of the Vulnerable Software and Affected Versions FreeBSD versions 7.1 through 8.0

Description The issue concerns the rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c. It does not clear certain environment variables, including LD LIBMAP, LD LIBRARY PATH, LD LIBMAP DISABLE, LD DEBUG, and LD ELF HINTS PATH. This allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library.

Recommendations For FreeBSD versions 7.1 through 8.0, consider clearing the LD LIBMAP, LD LIBRARY PATH, LD LIBMAP DISABLE, LD DEBUG, and LD ELF HINTS PATH environment variables before executing setuid or setguid programs to prevent exploitation. As a temporary workaround, restrict the use of setuid and setguid programs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.