The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-12-02T19:00:00
Updated: 2019-05-22T02:06:03
Reserved: 2009-12-01T00:00:00
Link: CVE-2009-4147
JSON object: View
NVD Information
Status : Modified
Published: 2009-12-02T19:30:00.217
Modified: 2019-05-22T03:29:00.597
Link: CVE-2009-4147
JSON object: View
Redhat Information
No data.
CWE