CVE-2009-5064

Name of the Vulnerable Software and Affected Versions glibc versions 2.3.4 and earlier glibc-utils versions 2.3.4 and earlier glibc-common versions 2.3.4 and earlier glibc-devel versions 2.3.4 and earlier glibc-profile versions 2.3.4 and earlier glibc-headers versions 2.3.4 and earlier nptl-devel version 2.3.4

Description The issue concerns multiple vulnerabilities in the glibc package and its related components, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. The exploitation may involve the use of a Trojan horse executable file linked with a modified loader that omits certain LD TRACE LOADED OBJECTS checks, allowing local users to gain privileges.

Recommendations For glibc versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For glibc-utils versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For glibc-common versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For glibc-devel versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For glibc-profile versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For glibc-headers versions 2.3.4 and earlier, consider updating to a newer version to mitigate the risk. For nptl-devel version 2.3.4, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.