{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-01-19T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/10"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/3"}, {"tags": ["x_refsource_MISC"], "url": "http://reverse.lostrealm.com/protect/ldd.html"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/10"}, {"tags": ["x_refsource_MISC"], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"}, {"name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/2"}, {"name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/07/13"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/08/1"}, {"name": "RHSA-2011:1526", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5064", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/10"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=682998", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/3"}, {"name": "http://reverse.lostrealm.com/protect/ldd.html", "refsource": "MISC", "url": "http://reverse.lostrealm.com/protect/ldd.html"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/10"}, {"name": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/", "refsource": "MISC", "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"}, {"name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/2"}, {"name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/13"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/1"}, {"name": "RHSA-2011:1526", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=531160", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:24:54.063Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/7"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://reverse.lostrealm.com/protect/ldd.html"}, {"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"}, {"name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/2"}, {"name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/07/13"}, {"name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/08/1"}, {"name": "RHSA-2011:1526", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5064", "datePublished": "2011-03-30T22:00:00", "dateReserved": "2011-03-30T00:00:00", "dateUpdated": "2024-08-07T07:24:54.063Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0648C0D-93C6-4A74-89E2-377E5456E2F0", "versionEndIncluding": "2.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*", "matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*", "matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*", "matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."}, {"lang": "es", "value": "**DISPUTADA**  ldd en la Biblioteca de C de GNU (tambi\u00e9n conocida como glibc o libc6) v2.13 y anteriores permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano ejecutable enlazado con un cargador modificado que omite los controles LD_TRACE_LOADED_OBJECTS determinados.  NOTA: El desarrollador de la libre\u00eda C de GNU dice \"Esto es un sinsentido. Hay tropecientas formas de introducir c\u00f3digo si la gente est\u00e1 descargando archivos binarios y los instala en directorios adecuados o establece LD_LIBRARY_PATH, etc. \""}], "id": "CVE-2009-5064", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-30T22:55:01.330", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/03/07/10"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/13"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/03/07/7"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/10"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/3"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/7"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://reverse.lostrealm.com/protect/ldd.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/03/07/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/07/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/03/07/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/08/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://reverse.lostrealm.com/protect/ldd.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0125", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "glibc-0:2.3.4-2.57", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2012-02-13T00:00:00Z"}, {"advisory": "RHSA-2012:0126", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "glibc-0:2.5-65.el5_7.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-02-13T00:00:00Z"}, {"advisory": "RHSA-2011:1526", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "glibc-0:2.12-1.47.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-12-05T00:00:00Z"}], "bugzilla": {"description": "glibc: ldd unexpected code execution issue", "id": "692393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692393"}, "csaw": false, "cvss": {"cvss_base_score": "3.7", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."], "name": "CVE-2009-5064", "public_date": "2009-10-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-5064\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5064"], "threat_severity": "Low"}