PT-2001-1016 · Red Hat+1
Published: 2001-01-11 · Updated: 2017-10-10
CVE-2001-0170
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
glibc versions 2.1.9x and earlier
glibc-2.2
glibc-common-2.2
glibc-devel-2.2
glibc-profile-2.2
Description
The issue affects the glibc package in Red Hat Linux and can compromise the confidentiality of protected information. Exploitation is local. glibc does not properly clear environment variables such as RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS when executing setuid/setgid programs, which could allow local users to read arbitrary files.
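As a defence-in-depth illustration of the clearing step described above, a setuid/setgid program can drop these variables itself before it calls any resolver function. This is an added example, not code from the advisory or from glibc; the function names `runs_privileged` and `scrub_env` are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Resolver variables named in the advisory. */
static const char *const UNSAFE_VARS[] = {
    "RESOLV_HOST_CONF", "HOSTALIASES", "RES_OPTIONS"
};

/* True when the process holds more privilege than the invoking user. */
int runs_privileged(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Does this "NAME=value" entry define one of the unsafe variables? */
static int is_unsafe(const char *entry)
{
    size_t i;
    for (i = 0; i < sizeof UNSAFE_VARS / sizeof UNSAFE_VARS[0]; i++) {
        size_t n = strlen(UNSAFE_VARS[i]);
        /* Require '=' right after the name so HOSTALIASES_X is not matched. */
        if (strncmp(entry, UNSAFE_VARS[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact a NULL-terminated environment array in place, dropping every
 * unsafe entry, duplicates included. Returns the number removed. */
int scrub_env(char **env)
{
    char **src, **dst;
    int removed = 0;
    if (env == NULL)
        return 0;
    for (src = dst = env; *src != NULL; src++) {
        if (is_unsafe(*src))
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    if (runs_privileged())
        scrub_env(environ);  /* scrub before any resolver call */
    return 0;
}
```

Walking the array directly, rather than looking up each name once, also removes repeated definitions of the same variable.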
Recommendations
For glibc versions 2.1.9x and earlier, update to a version later than 2.1.9x to resolve the issue.
For glibc-2.2, glibc-common-2.2, glibc-devel-2.2, and glibc-profile-2.2, consider disabling setuid/setgid programs that utilize the vulnerable glibc package until a patch is available.
As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.
Affected Products
Red Hat
Glibc