Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200408-16] glibc: Information leak with LD_DEBUG Vulnerability Scan

Vulnerability Scan Summary
glibc: Information leak with LD_DEBUG

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-16
(glibc: Information leak with LD_DEBUG)

Silvio Cesare discovered a potential information leak in glibc. It allows
LD_DEBUG on SUID binaries where it should not be allowed. This has various
security implications, which may be used to gain confidential


An attacker can obtain the list of symbols a SUID application uses and their
locations, and can then use a trojaned library taking precedence over those
symbols to gain information or perform further exploitation.


There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of glibc.

All glibc users should upgrade to the latest version:
# emerge sync
# emerge -pv your_version
# emerge your_version

Threat Level: Low


