CVE-2009-4146

NONECVSS 0.0

0.0

The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.

🔗 References (16)

cve@mitrehttp://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html
cve@mitrehttp://people.freebsd.org/~cperciva/rtld.patch
cve@mitrehttp://secunia.com/advisories/37517
cve@mitrehttp://www.securityfocus.com/archive/1/508142/100/0/threaded
cve@mitrehttp://www.securityfocus.com/archive/1/508146/100/0/threaded
cve@mitrehttp://www.securityfocus.com/archive/1/508168/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/37154
cve@mitrehttp://www.securitytracker.com/id?1023250
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html
af854a3a-2127-422b-91ae-364da2661108http://people.freebsd.org/~cperciva/rtld.patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37517
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508142/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508146/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508168/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37154

Is Your Infrastructure Affected by CVE-2009-4146?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-4146

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-4146?