Package: glibc Version: different versions Distribution: Debian woody, sid, other Non-Debian (SuSE,RH, Gentoo) Unaffected: Debian potato (at least my installation) Vulnerable: yes, local, privilege escalation Reproducible: always Behaviour: LD_PRELOAD gets evaluated: caspar@marvin:~$ LD_PRELOAD=funny /bin/su /bin/su: error while loading shared libraries: funny: cannot open shared object file: No such file or directory caspar@marvin:~$ Should be: no evaluation: caspar@marvin:~$ LD_PRELOAD=funny /bin/su Password: Known problem: reported in 1998, also fix in DSA-039-1, Mar 8, 2001 Reported to me by: Sascha Silbe Initial Bugreport by Sascha Silbe: http://bugs.gentoo.org/show_bug.cgi?id=24332 Please fix this bug. bye caspar
Attachment:
pgpa7lsNBWhLU.pgp
Description: PGP signature