glibc unsetenv() Duplicate Entry Removal Vulnerability

A potential vulnerability exists in the GNU glibc package. glibc is a libc implementation shipped with a number of popular free/open source OS distributions. A bug in the unsetenv() function leaves duplicate environment entries in place when the function is called. Any program built against a vulnerable version of glibc that relies on unsetenv() to remove all instances of an environment variable for security purposes may be open to attack.
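A program that must not pass a variable on to a child can scrub the environment array itself instead of trusting a single unsetenv() call. The following is an added example, not code from this advisory or from glibc; the function names (env_count, env_remove_all, demo_scrub) and the DEMO_VAR sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True when entry has the form "name=value" for exactly this name. */
static int defines(const char *entry, const char *name, size_t len)
{
    return strncmp(entry, name, len) == 0 && entry[len] == '=';
}

/* Count the entries of a NULL-terminated environment that define name. */
size_t env_count(char *const *envp, const char *name)
{
    size_t len = strlen(name), n = 0;
    for (; *envp != NULL; envp++)
        n += (size_t)defines(*envp, name, len);
    return n;
}

/* Compact envp in place, dropping EVERY entry for name rather than
 * stopping at the first match. Returns the number of entries removed. */
size_t env_remove_all(char **envp, const char *name)
{
    size_t len = strlen(name), removed = 0;
    char **src, **dst = envp;
    if (len == 0 || strchr(name, '=') != NULL)
        return 0;                        /* not a valid variable name */
    for (src = envp; *src != NULL; src++) {
        if (defines(*src, name, len))
            removed++;
        else
            *dst++ = *src;               /* keep unrelated entries, in order */
    }
    *dst = NULL;
    return removed;
}

/* Constructed sample with DEMO_VAR duplicated. Returns the number of
 * entries removed, or -1 if a copy survived or another entry was lost. */
int demo_scrub(void)
{
    char *env[] = { "DEMO_VAR=first", "PATH=/usr/bin", "DEMO_VAR=second",
                    "DEMO_VAR2=keep", NULL };
    size_t removed;
    if (env_remove_all(env, "DEMO_VAR=first") != 0)
        return -1;                       /* invalid name must change nothing */
    removed = env_remove_all(env, "DEMO_VAR");
    if (env_count(env, "DEMO_VAR") != 0 || env_count(env, "DEMO_VAR2") != 1
        || env_count(env, "PATH") != 1)
        return -1;
    return (int)removed;
}

int main(void) { printf("removed %d entries\n", demo_scrub()); return 0; }
```

The same routine can be applied to the envp array a program is about to hand to execve(), and env_count() gives a post-condition to assert before the call.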

Copyright 2010, SecurityFocus