PT-2004-1052 · Gnu+1 · Glibc+1
Silvio Cesare · Published 2004-08-16 · Updated 2017-10-11 · CVE-2004-1453
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
glibc versions 2.3.4 before 2.3.4.20040619
glibc versions 2.3.3 before 2.3.3.20040420
glibc versions 2.3.2 before 2.3.2-r10
glibc version 2.2.4
Description
glibc does not restrict the use of the LD_DEBUG environment variable for setuid programs. This allows local users to gain sensitive information, such as the list of symbols used by the program. Exploitation of the vulnerability can compromise the integrity and confidentiality of protected information. Exploitation requires local access.
Recommendations
For glibc versions 2.3.4 before 2.3.4.20040619, update to version 2.3.4.20040619 or later.
For glibc versions 2.3.3 before 2.3.3.20040420, update to version 2.3.3.20040420 or later.
For glibc versions 2.3.2 before 2.3.2-r10, update to version 2.3.2-r10 or later.
For glibc version 2.2.4, consider upgrading to a newer version of glibc to mitigate the risk. At the moment, there is no information about a fixed release in the 2.2.4 line.
Fix
Related Identifiers
Affected Products
Red Hat
Glibc