Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-16] glibc: Information leak with LD_DEBUG Vulnerability Scan
Vulnerability Scan Summary glibc: Information leak with LD_DEBUG
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-16
(glibc: Information leak with LD_DEBUG)
Silvio Cesare discovered a potential information leak in glibc. It allows
LD_DEBUG on SUID binaries, where it should not be allowed. This has various
security implications, which may be used to gain confidential
information.
Impact
An attacker can obtain the list of symbols a SUID application uses and their
locations, and can then use a trojaned library that takes precedence over those
symbols to gain information or perform further exploitation.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of glibc.
Solution:
All glibc users should upgrade to the latest version:
# emerge sync
# emerge -pv your_version
# emerge your_version
Threat Level: Low