git.ipfire.org Git - thirdparty/glibc.git/commitdiff
Document CVE-2025-4802.
author Carlos O'Donell <carlos@redhat.com>
Thu, 15 May 2025 21:46:36 +0000 (17:46 -0400)
committer Carlos O'Donell <carlos@redhat.com>
Fri, 16 May 2025 19:17:30 +0000 (15:17 -0400)
This commit adds advisory data for the above CVE(s).

advisories/GLIBC-SA-2025-0002 [new file with mode: 0644]

diff --git a/advisories/GLIBC-SA-2025-0002 b/advisories/GLIBC-SA-2025-0002
new file mode 100644 (file)
index 0000000..95c5c23
--- /dev/null
@@ -0,0 +1,18 @@
+elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
+
+A statically linked setuid binary that calls dlopen (including internal
+dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)
+may incorrectly search LD_LIBRARY_PATH to determine which library to load,
+leading to the execution of library code that is attacker controlled.
+
+The only viable vector for exploitation of this bug is local, if a static
+setuid program exists, and that program calls dlopen, then it may search
+LD_LIBRARY_PATH to locate the SONAME to load. No such program has been
+discovered at the time of publishing this advisory, but the presence of
+custom setuid programs, although strongly discouraged as a security
+practice, cannot be discounted.
+
+CVE-id: CVE-2025-4802
+Public-Date: 2025-05-16
+Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27)
+Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)
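
Review bot: In the second paragraph, the precondition "that program calls dlopen" is narrower than the first paragraph, which also counts internal dlopen calls made after setlocale or by NSS functions such as getaddrinfo. A reader auditing static setuid binaries from that paragraph alone may check only for explicit dlopen calls. Suggest repeating the qualifier there, for example "and that program calls dlopen, directly or through setlocale or NSS functions". The same sentence is a comma splice and would read better split after "is local". In the trailer, the only fixed point listed is 2.39 against a vulnerable range starting at 2.27; if fixes exist on release branches in between, list them so users of those branches can tell whether they are covered.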