Lucene search
RedHatRHSA-2010:0787HistoryOct 20, 2010 - 12:00 a.m.
(RHSA-2010:0787) Important: glibc security update
2010-10-2000:00:00
access.redhat.com
15
0.001 Low
EPSS
Percentile
31.1%
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)
Red Hat would like to thank Tavis Ormandy for reporting this issue.
All users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | i386 | glibc | < 2.5-49.el5_5.6 | glibc-2.5-49.el5_5.6.i386.rpm |
| RedHat | 5 | ppc64 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.ppc64.rpm |
| RedHat | 5 | x86_64 | glibc-common | < 2.5-49.el5_5.6 | glibc-common-2.5-49.el5_5.6.x86_64.rpm |
| RedHat | 5 | s390 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.s390.rpm |
| RedHat | 5 | i386 | glibc-headers | < 2.5-49.el5_5.6 | glibc-headers-2.5-49.el5_5.6.i386.rpm |
| RedHat | 5 | ia64 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.ia64.rpm |
| RedHat | 5 | ia64 | nscd | < 2.5-49.el5_5.6 | nscd-2.5-49.el5_5.6.ia64.rpm |
| RedHat | 5 | ppc | glibc-utils | < 2.5-49.el5_5.6 | glibc-utils-2.5-49.el5_5.6.ppc.rpm |
| RedHat | 5 | x86_64 | nscd | < 2.5-49.el5_5.6 | nscd-2.5-49.el5_5.6.x86_64.rpm |
| RedHat | 5 | i686 | glibc | < 2.5-49.el5_5.6 | glibc-2.5-49.el5_5.6.i686.rpm |
Related
cert
cert
GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-25 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_3847
2011-01-07 19:00:00
openvas
openvas
Mandriva Update for glibc MDVSA-2010:207 (glibc)
2010-10-22 00:00:00
Mandriva Update for glibc MDVSA-2010:207 (glibc)
2010-10-22 00:00:00
RedHat Update for glibc RHSA-2010:0787-01
2010-10-22 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: glibc-2.12.1-3
2010-10-22 18:07:50
[SECURITY] Fedora 14 Update: glibc-2.12.90-17
2010-10-19 22:23:05
[SECURITY] Fedora 12 Update: glibc-2.11.2-3
2010-10-30 23:47:35
nessus
nessus
RHEL 5 : glibc (RHSA-2010:0787)
2010-10-21 00:00:00
Oracle Linux 5 : glibc (ELSA-2010-0787)
2013-07-12 00:00:00
prion
prion
Directory traversal
2011-01-07 19:00:00
Design/Logic Flaw
2011-04-08 15:17:00
Design/Logic Flaw
2011-04-08 15:17:00
debiancve
debiancve
CVE-2010-3847
2011-01-07 19:00:17
CVE-2011-0536
2011-04-08 15:17:26
slackware
slackware
[slackware-security] glibc
2010-10-22 21:19:24
zdt
zdt
glibc $ORIGIN Expansion Privilege Escalation Exploit
2018-02-10 00:00:00
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit
2018-04-01 00:00:00
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit
2018-02-10 00:00:00
nvd
nvd
packetstorm
packetstorm
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-10 00:00:00
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
cve
cve
oraclelinux
oraclelinux
glibc security update
2010-10-21 00:00:00
glibc security and bug fix update
2011-02-10 00:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:54:45
Privilege Escalation
2020-04-10 00:55:25
ubuntucve
ubuntucve
centos
centos
glibc, nscd security update
2010-10-21 09:47:03
glibc, nscd security update
2011-04-14 13:51:19
metasploit
metasploit
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-09 21:15:04
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2018-01-28 05:11:38
exploitdb
exploitdb
glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)
2018-02-12 00:00:00
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00
redhat
redhat
(RHSA-2010:0872) Important: glibc security and bug fix update
2010-11-10 00:00:00
(RHSA-2011:0413) Important: glibc security update
2011-04-04 00:00:00
(RHSA-2011:0412) Important: glibc security update
2011-04-04 00:00:00
osv
osv
glibc - privilege escalation
2010-10-22 00:00:00
glibc - local privilege escalation
2010-10-22 00:00:00
securityvulns
securityvulns
GNU C dynamic linker privilege escalation
2010-10-26 00:00:00
seebug
seebug
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
2014-07-01 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2010-10-22 00:00:00
GNU C Library vulnerability
2011-01-12 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
debian
debian
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
2010-10-22 17:05:33
[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
2011-01-11 19:49:11
vmware
vmware
gentoo
gentoo
GNU C library: Multiple vulnerabilities
2010-11-15 00:00:00
GNU C Library: Multiple vulnerabilities
2013-12-03 00:00:00
suse
suse
local privilege escalation in glibc
2010-10-28 13:41:00