What is the severity of CVE-2009-5064?

The severity of CVE-2009-5064 is considered to be low due to its local attack vector and the disputed nature of the vulnerability.

How do I fix CVE-2009-5064?

To fix CVE-2009-5064, users should upgrade to a newer version of glibc that does not have this vulnerability.

Who is affected by CVE-2009-5064?

CVE-2009-5064 affects users operating versions of the GNU C Library (glibc) up to and including 2.1.2 and earlier.

What are the implications of CVE-2009-5064?

The implications of CVE-2009-5064 could allow local users to gain elevated privileges through cleverly crafted executable files.

Is CVE-2009-5064 a valid vulnerability?

CVE-2009-5064 has been disputed by the GNU C Library vendor, who asserts that the claims are unfounded.

Vulnerability/
CVE-2009-5064

medium

6.9

CWE

264

30/3/2011

7/8/2024

CVE-2009-5064

First published: Wed Mar 30 2011(Updated: )

** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNU C Library	=2.1.2
GNU C Library	=2.0.5
GNU C Library	=2.0.6
GNU C Library	=1.00
GNU C Library	=1.06
GNU C Library	=2.1.1
GNU C Library	=1.02
GNU C Library	=2.0.3
GNU C Library	=1.07
GNU C Library	=2.0
GNU C Library	=2.1.1.6
GNU C Library	=1.04
GNU C Library	=1.01
GNU C Library	=2.1
GNU C Library	<=2.1.3
GNU C Library	=1.09.1
GNU C Library	=2.0.1
GNU C Library	=1.09
GNU C Library	=2.0.4
GNU C Library	=2.0.2
GNU C Library	=1.03
GNU C Library	=1.08
GNU C Library	=1.05
GNU C Library (glibc)	<=2.1.3
GNU C Library (glibc)	=1.00
GNU C Library (glibc)	=1.01
GNU C Library (glibc)	=1.02
GNU C Library (glibc)	=1.03
GNU C Library (glibc)	=1.04
GNU C Library (glibc)	=1.05
GNU C Library (glibc)	=1.06
GNU C Library (glibc)	=1.07
GNU C Library (glibc)	=1.08
GNU C Library (glibc)	=1.09
GNU C Library (glibc)	=1.09.1
GNU C Library (glibc)	=2.0
GNU C Library (glibc)	=2.0.1
GNU C Library (glibc)	=2.0.2
GNU C Library (glibc)	=2.0.3
GNU C Library (glibc)	=2.0.4
GNU C Library (glibc)	=2.0.5
GNU C Library (glibc)	=2.0.6
GNU C Library (glibc)	=2.1
GNU C Library (glibc)	=2.1.1
GNU C Library (glibc)	=2.1.1.6
GNU C Library (glibc)	=2.1.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-5064?
The severity of CVE-2009-5064 is considered to be low due to its local attack vector and the disputed nature of the vulnerability.
How do I fix CVE-2009-5064?
To fix CVE-2009-5064, users should upgrade to a newer version of glibc that does not have this vulnerability.
Who is affected by CVE-2009-5064?
CVE-2009-5064 affects users operating versions of the GNU C Library (glibc) up to and including 2.1.2 and earlier.
What are the implications of CVE-2009-5064?
The implications of CVE-2009-5064 could allow local users to gain elevated privileges through cleverly crafted executable files.
Is CVE-2009-5064 a valid vulnerability?
CVE-2009-5064 has been disputed by the GNU C Library vendor, who asserts that the claims are unfounded.

agent/type
agent/remedy
agent/references
agent/severity
agent/weakness
agent/status
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
collector/nvd-historical
agent/software-canonical-lookup-request
agent/author
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
vendor/gnu
canonical/gnu c library
version/gnu c library/2.1.2
version/gnu c library/2.0.5
version/gnu c library/2.0.6
version/gnu c library/1.00
version/gnu c library/1.06
version/gnu c library/2.1.1
version/gnu c library/1.02
version/gnu c library/2.0.3
version/gnu c library/1.07
version/gnu c library/2.0
version/gnu c library/2.1.1.6
version/gnu c library/1.04
version/gnu c library/1.01
version/gnu c library/2.1
version/gnu c library/2.1.3
version/gnu c library/1.09.1
version/gnu c library/2.0.1
version/gnu c library/1.09
version/gnu c library/2.0.4
version/gnu c library/2.0.2
version/gnu c library/1.03
version/gnu c library/1.08
version/gnu c library/1.05
canonical/gnu c library (glibc)
version/gnu c library (glibc)/2.1.3
version/gnu c library (glibc)/1.00
version/gnu c library (glibc)/1.01
version/gnu c library (glibc)/1.02
version/gnu c library (glibc)/1.03
version/gnu c library (glibc)/1.04
version/gnu c library (glibc)/1.05
version/gnu c library (glibc)/1.06
version/gnu c library (glibc)/1.07
version/gnu c library (glibc)/1.08
version/gnu c library (glibc)/1.09
version/gnu c library (glibc)/1.09.1
version/gnu c library (glibc)/2.0
version/gnu c library (glibc)/2.0.1
version/gnu c library (glibc)/2.0.2
version/gnu c library (glibc)/2.0.3
version/gnu c library (glibc)/2.0.4
version/gnu c library (glibc)/2.0.5
version/gnu c library (glibc)/2.0.6
version/gnu c library (glibc)/2.1
version/gnu c library (glibc)/2.1.1
version/gnu c library (glibc)/2.1.1.6
version/gnu c library (glibc)/2.1.2
status/disputed

CVE-2009-5064

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-5064?

How do I fix CVE-2009-5064?

Who is affected by CVE-2009-5064?

What are the implications of CVE-2009-5064?

Is CVE-2009-5064 a valid vulnerability?

Company

Resources

Contact