CVE-2010-3847Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-3847 | First vendor Publication | 2011-01-07 |
| Vendor | Cve | Last vendor Modification | 2011-03-07 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-10-22 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
| 2010-10-18 | GNU C library dynamic linker $ORIGIN expansion Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 68721 | GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr... |
Internal Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 23:34:56 |
|
| 2013-05-01 17:22:39 |
|
| 2013-05-01 13:28:07 |
|
| 2013-05-01 09:22:47 |
|
| 2013-05-01 05:38:32 |
|
(Critical)
(High)
(Medium)
