Lucene search

MitreCVE-2000-0959

HistoryJan 22, 2001 - 5:00 a.m.

CVE-2000-0959

2001-01-2205:00:00

mitre

web.nvd.nist.gov

cve-2000-0959

glibc2

setuid programs

local users

symlink attack

file overwriting

nvd

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

5.1%

JSON

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

Affected configurations

Nvd

Node

gnuglibcMatch2.1.3.10

VendorProductVersionCPE
gnuglibc2.1.3.10cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	2.1.3.10	cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*

References

www.securityfocus.com/archive/1/85028

www.securityfocus.com/bid/1719

exchange.xforce.ibmcloud.com/vulnerabilities/5299

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2000-0959