{"vuid":"VU#664141","idnumber":"664141","name":"Debian glibc 2 symlink issue could allow arbitrary file overwriting","keywords":["linux","glibc","ld.so","LD_DEBUG_OUTPUT"],"overview":"Some versions of ld.so, the loader for shared libraries in UNIX/LINUX, do not properly clear risky environment variables, allowing a symlink attack to overwrite arbitrary files.","clean_desc":"LD_DEBUG_OUTPUT specifies a directory in which ld.so creates a file with a predictable name based on the process ID. ld.so uses this file to store debugging information. The current version of ld.so does not unset the environment variable LD_DEBUG_OUTPUT prior to calling setuid root programs. Even though setuid root programs are forced to ignore the LD_DEBUG_OUTPUT variable, output would be generated there by programs called from setuid root programs.","impact":"By setting up appropriate symlinks, a malicious user could cause arbitrary files to be overwritten with debugging information.","resolution":"Pending patch information by the vendor, CERT/CC is unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"The original report of this vulnerabilty was by Jakub Vlasek .","author":"This document was last modifed by Tim Shimeall.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","b","i","d","/","1","7","1","9"],"cveids":["CVE-2000-0959"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-10-18T05:25:48Z","publicdate":"2000-09-26T00:00:00Z","datefirstpublished":"2001-07-24T15:29:30Z","dateupdated":"2001-07-31T16:29:24Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"9","cam_impact":"8","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.108","cam_scorecurrentwidelyknown":"2.16","cam_scorecurrentwidelyknownexploited":"4.32","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.108,"vulnote":null}