CVE-2009-5064
Description
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ldd in glibc ≤2.13 allows local privilege escalation by executing a Trojan horse binary that bypasses LD_TRACE_LOADED_OBJECTS checks.
Vulnerability
The ldd utility in the GNU C Library (glibc) versions 2.13 and earlier acts as a wrapper that sets the LD_TRACE_LOADED_OBJECTS environment variable and invokes the dynamic linker/loader to display library dependencies. It omits certain security checks, allowing a crafted executable to execute arbitrary code when inspected by ldd. This behavior is inherent to how the dynamic linker processes binaries under LD_TRACE_LOADED_OBJECTS [1].
Exploitation
An attacker with local system access can create a malicious executable that exploits the omitted checks. When a victim (commonly a system administrator) runs ldd on this file, the executable's code is executed in the context of the dynamic linker, effectively running arbitrary code with the privileges of the user invoking ldd. The attack requires no special privileges beyond the ability to place a binary on the system and convince a user to run ldd on it (e.g., via social engineering) [1][3].
Impact
Successful exploitation results in arbitrary code execution with the privileges of the user running ldd. If the victim has root privileges, the attacker can gain full control of the system. The vulnerability also allows information disclosure and privilege escalation [4].
Mitigation
The glibc vendor considers this a non-issue, stating that other methods exist to introduce code if users download arbitrary binaries [description]. No official patch has been released. The recommended workaround is to avoid running ldd on untrusted binaries; alternative tools such as readelf -d or objdump -p should be used instead [3]. Some distribution-specific advisories (e.g., Red Hat) may provide additional guidance [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
24cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.1.3
- cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- openwall.com/lists/oss-security/2011/03/07/10nvdExploit
- openwall.com/lists/oss-security/2011/03/07/13nvdExploitPatch
- openwall.com/lists/oss-security/2011/03/07/7nvdExploit
- openwall.com/lists/oss-security/2011/03/08/1nvdExploitPatch
- openwall.com/lists/oss-security/2011/03/08/10nvdExploitPatch
- openwall.com/lists/oss-security/2011/03/08/2nvdExploitPatch
- openwall.com/lists/oss-security/2011/03/08/3nvdExploitPatch
- openwall.com/lists/oss-security/2011/03/08/7nvdExploitPatch
- reverse.lostrealm.com/protect/ldd.htmlnvdExploit
- www.catonmat.net/blog/ldd-arbitrary-code-execution/nvdExploit
- bugzilla.redhat.com/show_bug.cginvdExploitPatch
- bugzilla.redhat.com/show_bug.cginvdExploitPatch
- www.redhat.com/support/errata/RHSA-2011-1526.htmlnvd
News mentions
0No linked articles in our index yet.