Family: Debian Local Security Checks --> Category: infos
[DSA039] DSA-039-1 glibc Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The version of GNU libc that was distributed with Debian
GNU/Linux 2.2 suffered from 2 security problems:
It was possible to use LD_PRELOAD to load libraries that are listed in
/etc/ld.so.cache, even for suid programs. This could be used to create (and
overwrite) files that a user should not be allowed to create or overwrite.
When LD_PROFILE was set, suid programs would write data to a file in /var/tmp,
which was not done safely. Again, this could be used to create (and overwrite)
files which a user should not have access to.
Both problems have been fixed in version 2.1.3-17 and we recommend that
you upgrade your glibc packages immediately.
Please note that a side effect of this upgrade is that ldd will no longer
work on suid programs unless you are logged in as root.
Solution : http://www.debian.org/security/2001/dsa-039
Threat Level: High