Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability

EIP-1a8a439f


A vulnerability exists in Zlibc that allows a local attacker to execute arbitrary code with elevated privileges through manipulation of the LD_ZLIB_CONFFILE and LD_ZLIB_UNCOMPRESSOR environment variables when calling setuid binaries.
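The pattern behind the advisory, as an added example that is not zlibc's code: a lookup that trusts the environment unconditionally beside a hardened one that ignores it whenever the kernel's AT_SECURE flag marks the process as running with privileges its caller did not have. The default paths and function names are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Constructed defaults for illustration; not zlibc's real defaults. */
#define DEFAULT_CONFFILE     "/etc/zlibc.conf"
#define DEFAULT_UNCOMPRESSOR "/usr/bin/gunzip"

/* Vulnerable pattern: the environment is trusted unconditionally, so the
 * user who runs a setuid program that loads the library also picks which
 * config file is read and which program is executed as the uncompressor.
 * ld.so scrubs its own LD_* names in secure mode but knows nothing about
 * application-defined names such as LD_ZLIB_*. */
const char *lookup_unsafe(const char *name, const char *dflt)
{
    const char *v = getenv(name);
    return (v && *v) ? v : dflt;
}

/* True when the kernel flagged this process as privileged relative to its
 * caller (setuid/setgid bits, file capabilities). */
int running_secure(void)
{
#ifdef __linux__
    return getauxval(AT_SECURE) != 0;
#else
    /* Weaker fallback: misses capability-granted privilege. */
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/* Policy kept separate from getenv() so it can be exercised directly:
 * in secure mode the environment value is discarded for the default. */
const char *choose_path(const char *env_value, const char *dflt, int secure)
{
    if (secure || env_value == NULL || *env_value == '\0')
        return dflt;
    return env_value;
}

/* Hardened lookup: behaves like glibc's secure_getenv() plus a default. */
const char *lookup_secure(const char *name, const char *dflt)
{
    return choose_path(getenv(name), dflt, running_secure());
}
```

The fix shipped in Zlibc 0.9l is the vendor's own; this block only shows the class of check a library loaded into setuid programs needs before honouring any caller-controlled variable.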

Vulnerability Identifiers

Exodus Intelligence: EIP-1a8a439f
MITRE CVE: N/A

Vulnerability Metrics

CVSSv2 Score: 6.6

Vendor References

This vulnerability has been addressed in Zlibc version 0.9l.
https://www.zlibc.linux.lu/download.html
https://zlibc.linux.lu/mailman3/hyperkitty/list/[email protected]/

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: January 5th, 2022
Disclosed to public: February 2nd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].
Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.
The post Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability appeared first on Exodus Intelligence.