CVE-2010-0830

Executive Summary

Informations
Name	CVE-2010-0830	First vendor Publication	2010-06-01
Vendor	Cve	Last vendor Modification	2011-01-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830

CWE : Common Weakness Enumeration

id	Name
CWE-189	Numeric Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Glibc cpe:/a:gnu:glibc:2.9 cpe:/a:gnu:glibc:2.8 cpe:/a:gnu:glibc:2.7 cpe:/a:gnu:glibc:2.6.1 cpe:/a:gnu:glibc:2.6 cpe:/a:gnu:glibc:2.5.1 cpe:/a:gnu:glibc:2.5 cpe:/a:gnu:glibc:2.4 cpe:/a:gnu:glibc:2.3.6 cpe:/a:gnu:glibc:2.3.5 cpe:/a:gnu:glibc:2.3.4 cpe:/a:gnu:glibc:2.3.3 cpe:/a:gnu:glibc:2.3.2 cpe:/a:gnu:glibc:2.3.10 cpe:/a:gnu:glibc:2.3.1 cpe:/a:gnu:glibc:2.3 cpe:/a:gnu:glibc:2.2.5 cpe:/a:gnu:glibc:2.2.4 cpe:/a:gnu:glibc:2.2.3 cpe:/a:gnu:glibc:2.2.2 cpe:/a:gnu:glibc:2.2.1 cpe:/a:gnu:glibc:2.2 cpe:/a:gnu:glibc:2.11.1 cpe:/a:gnu:glibc:2.11 cpe:/a:gnu:glibc:2.10.1 cpe:/a:gnu:glibc:2.10 cpe:/a:gnu:glibc:2.1.9 cpe:/a:gnu:glibc:2.1.3 cpe:/a:gnu:glibc:2.1.2 cpe:/a:gnu:glibc:2.1.1.6 cpe:/a:gnu:glibc:2.1.1 cpe:/a:gnu:glibc:2.1 cpe:/a:gnu:glibc:2.0.6 cpe:/a:gnu:glibc:2.0.5 cpe:/a:gnu:glibc:2.0.4 cpe:/a:gnu:glibc:2.0.3 cpe:/a:gnu:glibc:2.0.2 cpe:/a:gnu:glibc:2.0.1	38

Open Source Vulnerability Database (OSVDB)

id	Description
65077	GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr...

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/40063
CONFIRM	http://frugalware.org/security/662 http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6a...
DEBIAN	http://www.debian.org/security/2010/dsa-2058
GENTOO	http://security.gentoo.org/glsa/glsa-201011-01.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:111 http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
MISC	http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
SECTRACK	http://securitytracker.com/id?1024044
SECUNIA	http://secunia.com/advisories/39900
UBUNTU	http://www.ubuntu.com/usn/USN-944-1
VUPEN	http://www.vupen.com/english/advisories/2010/1246
XF	http://xforce.iss.net/xforce/xfdb/58915

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:19:38	Multiple Updates

Type	Count
CPE ID(s)	38
osvdb(s)	1

Related	Severity
VMSA-2012-0013	(Critical)
VMSA-2012-0018	(High)
USN-944-1	(High)
MDVSA-2010:112	(High)
MDVSA-2010:111	(High)
DSA-2058	(High)
RHSA-2012:0125	(High)
GLSA-201011-01	(High)
RHSA-2012:0126	(Medium)