{"id":"CVE-2009-5064","details":"ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.","modified":"2026-01-27T04:10:07.392729Z","published":"2011-03-30T22:55:01Z","withdrawn":"2026-01-27T04:10:07.392729Z","related":["openSUSE-SU-2024:10792-1"],"database_specific":{"isDisputed":true},"references":[{"type":"EVIDENCE","url":"http://openwall.com/lists/oss-security/2011/03/07/10"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/07/13"},{"type":"EVIDENCE","url":"http://openwall.com/lists/oss-security/2011/03/07/7"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/08/1"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/08/10"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/08/2"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/08/3"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/03/08/7"},{"type":"EVIDENCE","url":"http://reverse.lostrealm.com/protect/ldd.html"},{"type":"EVIDENCE","url":"http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=531160"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=682998"},{"type":"WEB","url":"http://www.redhat.com/support/errata/RHSA-2011-1526.html"}],"schema_version":"1.7.3"}