ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
2011-03-30T22:55:01.330
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.9 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnu | glibc | ≤ 2.1.3 | Yes |
| Application | gnu | glibc | 1.00 | Yes |
| Application | gnu | glibc | 1.01 | Yes |
| Application | gnu | glibc | 1.02 | Yes |
| Application | gnu | glibc | 1.03 | Yes |
| Application | gnu | glibc | 1.04 | Yes |
| Application | gnu | glibc | 1.05 | Yes |
| Application | gnu | glibc | 1.06 | Yes |
| Application | gnu | glibc | 1.07 | Yes |
| Application | gnu | glibc | 1.08 | Yes |
| Application | gnu | glibc | 1.09 | Yes |
| Application | gnu | glibc | 1.09.1 | Yes |
| Application | gnu | glibc | 2.0 | Yes |
| Application | gnu | glibc | 2.0.1 | Yes |
| Application | gnu | glibc | 2.0.2 | Yes |
| Application | gnu | glibc | 2.0.3 | Yes |
| Application | gnu | glibc | 2.0.4 | Yes |
| Application | gnu | glibc | 2.0.5 | Yes |
| Application | gnu | glibc | 2.0.6 | Yes |
| Application | gnu | glibc | 2.1 | Yes |
| Application | gnu | glibc | 2.1.1 | Yes |
| Application | gnu | glibc | 2.1.1.6 | Yes |
| Application | gnu | glibc | 2.1.2 | Yes |