Vigil@nce - glibc: privilege elevation via PATH and ORIGIN
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the PATH/RPATH variable and $ORIGIN, in
order to obtain privileges of suid/sgid programs.
Severity: 2/4
Creation date: 04/02/2011
IMPACTED PRODUCTS
– Debian Linux
DESCRIPTION OF THE VULNERABILITY
The VIGILANCE-VUL-10050 (https://vigilance.fr/tree/1/10050)
bulletin describes a vulnerability related to the LD_AUDIT
environment variable.
The PATH and RPATH environment variables are also impacted by the
same vulnerability.
A local attacker can therefore use the PATH/RPATH variable and
$ORIGIN, in order to obtain privileges of suid/sgid programs.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-privilege-elevation-via-PATH-and-ORIGIN-10324