PT-2001-1048 · Gnu · Glibc

Published 2001-03-26 · Updated 2017-10-10 · CVE-2001-0169

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc version 2.1.3

Description

The issue affects the glibc package in Red Hat Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. A specific concern is the use of the LD_PRELOAD environment variable in SUID or SGID applications, where glibc fails to verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID. This could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Recommendations

For glibc version 2.1.3, consider restricting the use of the LD_PRELOAD environment variable in SUID or SGID applications until a patch is available. As a temporary workaround, ensure that all preloaded libraries in /etc/ld.so.cache are properly set as SUID/SGID to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

BDU:2015-07993
BDU:2015-08004
BDU:2015-08008
CVE-2001-0169

Affected products

Glibc