CVE-2010-3856

Severity

72%

Complexity

39%

Confidentiality

165%

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2011-01-07 19:00:00

Last updated 5 years ago

2019-06-13 21:29:00

Affected Software

GNU glibc 1.00

1.00

GNU glibc 1.01

1.01

GNU glibc 1.02

1.02

GNU glibc 1.03

1.03

GNU glibc 1.04

1.04

GNU glibc 1.05

1.05

GNU glibc 1.06

1.06

GNU glibc 1.07

1.07

GNU glibc 1.08

1.08

GNU glibc 1.09

1.09

GNU glibc 1.09.1

1.09.1

GNU glibc 2.0

2.0

GNU glibc 2.0.1

2.0.1

GNU glibc 2.0.2

2.0.2

GNU glibc 2.0.3

2.0.3

GNU glibc 2.0.4

2.0.4

GNU glibc 2.0.5

2.0.5

GNU glibc 2.0.6

2.0.6

GNU glibc 2.1

2.1

GNU glibc 2.1.1

2.1.1

GNU glibc 2.1.1.6

2.1.1.6

GNU glibc 2.1.2

2.1.2

GNU glibc 2.1.3

2.1.3

GNU glibc 2.1.3.10

2.1.3.10

GNU glibc 2.1.9

2.1.9

GNU glibc 2.2

2.2

GNU glibc 2.2.1

2.2.1

GNU glibc 2.2.2

2.2.2

GNU glibc 2.2.3

2.2.3

GNU glibc 2.2.4

2.2.4

GNU glibc 2.2.5

2.2.5

GNU glibc 2.3

2.3

GNU glibc 2.3.1

2.3.1

GNU glibc 2.3.2

2.3.2

GNU glibc 2.3.3

2.3.3

GNU glibc 2.3.4

2.3.4

GNU glibc 2.3.5

2.3.5

GNU glibc 2.3.6

2.3.6

GNU glibc 2.3.10

2.3.10

GNU glibc 2.4

2.4

GNU glibc 2.5

2.5

GNU glibc 2.5.1

2.5.1

GNU glibc 2.6

2.6

GNU glibc 2.6.1

2.6.1

GNU glibc 2.7

2.7

GNU glibc 2.8

2.8

GNU glibc 2.9

2.9

GNU glibc 2.10

2.10

GNU glibc 2.10.1

2.10.1

GNU glibc 2.10.2

2.10.2

GNU glibc 2.11

2.11

GNU glibc 2.11.1

2.11.1

GNU glibc

GNU glibc 2.12.0

2.12.0

GNU glibc 2.12.1

2.12.1

References

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

42787

Vendor Advisory

GLSA-201011-01

[libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs

Patch

http://support.avaya.com/css/P8/documents/100121017

DSA-2122

MDVSA-2010:212

RHSA-2010:0872

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

44347

USN-1009-1

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2011-0025

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=645672

Patch

SUSE-SA:2010:052

RHSA-2010:0793

20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

44025

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.