Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-3847HistoryJan 07, 2011 - 7:00 p.m.
CVE-2010-3847
2011-01-0719:00:17
Debian Security Bug Tracker
security-tracker.debian.org
10
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.1%
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
| Debian | 11 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
| Debian | 999 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
| Debian | 13 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
Related
nessus
nessus
CentOS 5 : glibc (CESA-2010:0787)
2010-11-24 00:00:00
RHEL 5 : glibc (RHSA-2010:0787)
2010-10-21 00:00:00
openvas
openvas
Mandriva Update for glibc MDVSA-2010:207 (glibc)
2010-10-22 00:00:00
RedHat Update for glibc RHSA-2010:0787-01
2010-10-22 00:00:00
RedHat Update for glibc RHSA-2010:0787-01
2010-10-22 00:00:00
slackware
slackware
[slackware-security] glibc
2010-10-22 21:19:24
zdt
zdt
glibc $ORIGIN Expansion Privilege Escalation Exploit
2018-02-10 00:00:00
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit
2018-04-01 00:00:00
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit
2018-02-10 00:00:00
cert
cert
GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-25 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_3847
2011-01-07 19:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: glibc-2.12.1-3
2010-10-22 18:07:50
[SECURITY] Fedora 14 Update: glibc-2.12.90-17
2010-10-19 22:23:05
[SECURITY] Fedora 12 Update: glibc-2.11.2-3
2010-10-30 23:47:35
prion
prion
Directory traversal
2011-01-07 19:00:00
Design/Logic Flaw
2011-04-08 15:17:00
Design/Logic Flaw
2011-04-08 15:17:00
packetstorm
packetstorm
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-10 00:00:00
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
cve
cve
nvd
nvd
oraclelinux
oraclelinux
glibc security update
2010-10-21 00:00:00
glibc security and bug fix update
2011-02-10 00:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:54:45
Privilege Escalation
2020-04-10 00:55:25
ubuntucve
ubuntucve
centos
centos
glibc, nscd security update
2010-10-21 09:47:03
glibc, nscd security update
2011-04-14 13:51:19
metasploit
metasploit
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-09 21:15:04
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2018-01-28 05:11:38
redhat
redhat
(RHSA-2010:0787) Important: glibc security update
2010-10-20 00:00:00
(RHSA-2010:0872) Important: glibc security and bug fix update
2010-11-10 00:00:00
(RHSA-2011:0413) Important: glibc security update
2011-04-04 00:00:00
exploitdb
exploitdb
glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)
2018-02-12 00:00:00
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00
securityvulns
securityvulns
GNU C dynamic linker privilege escalation
2010-10-26 00:00:00
osv
osv
glibc - privilege escalation
2010-10-22 00:00:00
glibc - local privilege escalation
2010-10-22 00:00:00
seebug
seebug
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
2014-07-01 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2010-10-22 00:00:00
GNU C Library vulnerability
2011-01-12 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
debiancve
debiancve
CVE-2011-0536
2011-04-08 15:17:26
debian
debian
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
2010-10-22 17:05:33
[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
2011-01-11 19:49:11
vmware
vmware
gentoo
gentoo
GNU C library: Multiple vulnerabilities
2010-11-15 00:00:00
GNU C Library: Multiple vulnerabilities
2013-12-03 00:00:00
suse
suse
local privilege escalation in glibc
2010-10-28 13:41:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.1%
Related for DEBIANCVE:CVE-2010-3847