VDB
CVE-2000-0824
CVE-2000-0824
PUBLISHED
CVSS 7.199999809265137 HIGH
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
EPSS 0.31% · 54.2th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
0.31%
54.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| gnu | glibc | 2.1.1 |
Timeline
- Nov 14, 2000 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
References
- glibc-ld-unsetenv(5173) vdb
- 19990917 A few bugs... mailing-list
- 20000924 glibc locale security problem vendor-advisory
- 20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched mailing-list
- RHSA-2000:057 vendor-advisory
- MDKSA-2000:045 vendor-advisory
- 20000902 Conectiva Linux Security Announcement - glibc mailing-list
- 1639 vdb
- TLSA2000020-1 vendor-advisory
- 20000902 glibc: local root exploit vendor-advisory
- 20000831 glibc unsetenv bug mailing-list
- 20000905 Conectiva Linux Security Announcement - glibc mailing-list
- 648 vdb
- CSSA-2000-028.0 vendor-advisory
- MDKSA-2000:040 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2000-0824 advisory