First published: Mon Sep 07 2015
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU C Library | <=2.22 |
CVE-2015-8777 is classified as having a moderate severity level due to its potential to allow local users to bypass security measures.
To fix CVE-2015-8777, upgrade glibc to version 2.23 or later, which addresses the vulnerability.
CVE-2015-8777 affects local users on systems running glibc versions prior to 2.23.
CVE-2015-8777 is associated with local privilege escalation attacks that exploit a weakness in the dynamic loader.
While upgrading glibc is the recommended solution, temporarily setting the LD_POINTER_GUARD environment variable to a non-zero value may mitigate the vulnerability.
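A host audit for the two conditions described above, as an added example that is not part of the advisory or of glibc: it compares the installed upstream version against 2.23 and looks for `LD_POINTER_GUARD=0` in process environments. The function names are hypothetical, matching only the exact value `0` is an assumption, and distribution packages may carry a backported fix under an older version number, so confirm a version hit against the vendor's advisory.

```shell
#!/bin/sh
# Added example: audit helpers for CVE-2015-8777 (function names are hypothetical).

# Return 0 if an upstream glibc version is before 2.23, 1 if not, 2 if unparsable.
# Components are compared as integers: "2.9" is older than "2.23", which a
# plain string comparison would get wrong.
glibc_is_affected() {
    ver=${1%%[!0-9.]*}              # drop package suffixes such as "-0ubuntu6.7"
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0  # no minor component given
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -lt 23 ] && return 0
    return 1
}

# Return 0 if a NUL-separated environment block (the /proc/<pid>/environ
# format) contains the entry LD_POINTER_GUARD=0 (exact match, an assumption).
env_disables_pointer_guard() {
    tr '\0' '\n' < "$1" | grep -qx 'LD_POINTER_GUARD=0'
}

# Report both conditions for the local host. Reading other users' environ
# files needs root; unreadable ones are skipped.
audit_host() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    if glibc_is_affected "$v"; then
        echo "glibc $v: upstream version is before 2.23"
    fi
    for f in /proc/[0-9]*/environ; do
        [ -r "$f" ] || continue
        if env_disables_pointer_guard "$f"; then
            echo "$f: LD_POINTER_GUARD=0 is set"
        fi
    done
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```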