DEBIAN-CVE-2009-5064

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2009-5064

Published: 30 Mar 2011, 22:55

Last modified:28 Apr 2026, 20:11

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Mar 2011, 22:55

Published

Vulnerability first disclosed

28 Apr 2026, 20:11

Last Modified

Vulnerability information updated

Description

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

Affected Systems

debian•glibc
< 2.10.1-7 | < 2.10.1-7 | < 2.10.1-7 | < 2.10.1-7

References (1)

https://security-tracker.debian.org/tracker/CVE-2009-5064