Executive Summary

Informations
NameCVE-2010-0830First vendor Publication2010-06-01
VendorCveLast vendor Modification2011-01-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20684
 
Oval ID: oval:org.mitre.oval:def:20684
Title: VMware vSphere and vCOps updates to third party libraries
Description: Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0830
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application38

OpenVAS Exploits

DateDescription
2012-12-27Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-08-31Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30Name : CentOS Update for glibc CESA-2012:0125 centos4
File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl
2012-07-30Name : CentOS Update for glibc CESA-2012:0126 centos5
File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl
2012-02-21Name : RedHat Update for glibc RHSA-2012:0125-01
File : nvt/gb_RHSA-2012_0125-01_glibc.nasl
2012-02-21Name : RedHat Update for glibc RHSA-2012:0126-01
File : nvt/gb_RHSA-2012_0126-01_glibc.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201011-01 (glibc)
File : nvt/glsa_201011_01.nasl
2010-11-16Name : SuSE Update for glibc SUSE-SA:2010:052
File : nvt/gb_suse_2010_052.nasl
2010-06-11Name : Mandriva Update for glibc MDVSA-2010:111 (glibc)
File : nvt/gb_mandriva_MDVSA_2010_111.nasl
2010-06-11Name : Mandriva Update for glibc MDVSA-2010:112 (glibc)
File : nvt/gb_mandriva_MDVSA_2010_112.nasl
2010-06-10Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc)
File : nvt/deb_2058_1.nasl
2010-05-28Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1
File : nvt/gb_ubuntu_USN_944_1.nasl
2010-04-06Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts)
File : nvt/gb_mandriva_MDVA_2010_111.nasl
2010-04-06Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)
File : nvt/gb_mandriva_MDVA_2010_112.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
65077GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-02-28IAVM : 2013-B-0018 - Multiple Vulnerabilities in VMware vCenter Server 5.0
Severity : Category I - VMSKEY : V0037063
2012-09-27IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

DateDescription
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-07-29Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0126.nasl - Type : ACT_GATHER_INFO
2013-06-17Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-03-12Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0018.nasl - Type : ACT_GATHER_INFO
2012-12-24Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO
2012-08-31Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120213_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-100709.nasl - Type : ACT_GATHER_INFO
2011-01-21Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-100708.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO
2010-11-16Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote SuSE system is missing a security patch for glibc
File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote SuSE system is missing a security patch for glibc
File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO
2010-10-06Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12641.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO
2010-06-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO
2010-06-09Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO
2010-05-26Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/40063
CONFIRMhttp://frugalware.org/security/662
http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6a...
DEBIANhttp://www.debian.org/security/2010/dsa-2058
GENTOOhttp://security.gentoo.org/glsa/glsa-201011-01.xml
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
MISChttp://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
SECTRACKhttp://securitytracker.com/id?1024044
SECUNIAhttp://secunia.com/advisories/39900
UBUNTUhttp://www.ubuntu.com/usn/USN-944-1
VUPENhttp://www.vupen.com/english/advisories/2010/1246
XFhttp://xforce.iss.net/xforce/xfdb/58915

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:54:12
  • Multiple Updates
2013-11-11 12:38:39
  • Multiple Updates
2013-05-10 23:19:38
  • Multiple Updates