146403 – Information leak with LD_DEBUG

Bug 146403 - Information leak with LD_DEBUG

Summary: Information leak with LD_DEBUG

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	Brian Brock
Docs Contact:
URL:	http://www.gentoo.org/security/en/gls...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-01-27 21:48 UTC by Leonard den Ottolander
Modified:	2016-11-24 14:48 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-27 22:04:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Leonard den Ottolander 2005-01-27 21:48:22 UTC

Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidentional information.

P.S. Also applies to 2.1 DE, ES and WS.

Comment 1 Jakub Jelinek 2005-01-27 21:57:45 UTC

2.1 doesn't have PIEs nor randomization, nor prelinking.  LD_DEBUG doesn't reveal
you something you can't find out otherwise.

Note You need to log in before you can comment on or make changes to this bug.