Metric | Value |
---|---|
CVSS2 | 7.2 High |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
AI Score | 8.4 High (Confidence: High) |
EPSS | 0.001 Low (Percentile: 31.1%) |

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson
discovered that the fixes were incomplete and introduced flaws with
setuid programs loading libraries that used dynamic string tokens in their
RPATH. If the “man” program was installed setuid, a local attacker could
exploit this to gain “man” user privileges, potentially leading to further
privilege escalations. Default Ubuntu installations were not affected.

Original advisory details:

Tavis Ormandy discovered multiple flaws in the GNU C Library’s handling
of the LD_AUDIT environment variable when running a privileged binary. A
local attacker could exploit this to gain root privileges. (CVE-2010-3847,
CVE-2010-3856)

OS | OS Version | Architecture | Package | Fixed Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | libc6 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-bin | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-dev-bin | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dbg | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev-i386 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-i386 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-pic | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-prof | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-udeb | < 2.10.1-0ubuntu19 | UNKNOWN |