mirror of git://sourceware.org/git/glibc.git
19 lines
931 B
Plaintext
19 lines
931 B
Plaintext
elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
|
|
|
|
A statically linked setuid binary that calls dlopen (including internal
|
|
dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)
|
|
may incorrectly search LD_LIBRARY_PATH to determine which library to load,
|
|
leading to the execution of library code that is attacker controlled.
|
|
|
|
The only viable vector for exploitation of this bug is local, if a static
|
|
setuid program exists, and that program calls dlopen, then it may search
|
|
LD_LIBRARY_PATH to locate the SONAME to load. No such program has been
|
|
discovered at the time of publishing this advisory, but the presence of
|
|
custom setuid programs, although strongly discouraged as a security
|
|
practice, cannot be discounted.
|
|
|
|
CVE-id: CVE-2025-4802
|
|
Public-Date: 2025-05-16
|
|
Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27)
|
|
Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)
|