Vulnerability Name: CCN-5174
Published: 2000-09-02
Updated: 2000-09-02
Summary: The glibc package that ships with many Linux distributions could allow a local attacker to gain root access on a system by providing a false translation file. The locale handling in glibc is designed to prevent environment variables, such as LANG and LC_*, from being used to execute arbitrary code. Under some circumstances, however, the program still accepts special characters, such as slashes and "..", in these variables. An attacker could specify alternate locations for localization files to execute arbitrary code on the system and gain root access.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Consequences: Gain Privileges
References:
Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2000-030.0 serious vulnerability in glibc NLS code
Source: CCN Type: BugTraq Mailing List, Wed Aug 30 2000 - 19:14:23 CDT glibc unsetenv bug
Source: CCN Type: BugTraq Mailing List, Wed Sep 06 2000 - 05:02:35 CDT [slackware-security]: glibc 2.1.3 vulnerabilities patched
Source: CCN Type: Conectiva Linux Announcement CLSA-2000:313 glibc
Source: CCN Type: SuSE Security Announcement, September 6th, 2000 shlibs (glibc-2.0, glibc-2.1)
Source: CCN Type: RHSA-2000:057-02 glibc vulnerabilities in ld.so, locale and gettext
Source: CCN Type: TurboLinux Security Announcement TLSA2000021-1 glibc unsetenv and locale
Source: CCN Type: CORE SDI S.A. Security Advisory CORE-090400 UNIX locale format string vulnerability
Source: DEBIAN Type: Debian Security Advisory 20000902 glibc: local root exploit
Source: XF Type: UNKNOWN glibc-false-translation(5174)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable