Page 28 of 138 results (0.011 seconds)

CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. • http://www.securityfocus.com/archive/1/85028 http://www.securityfocus.com/bid/1719 https://exchange.xforce.ibmcloud.com/vulnerabilities/5299 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. • https://www.exploit-db.com/exploits/19503 http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html http://marc.info/?l=bugtraq&m=93760201002154&w=2 http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt http://www.debian.org/security/2000/20000902 http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3 http:/&# •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. • http://www.securityfocus.com/bid/1166 •