Executive Summary
| Information | | | |
|---|---|---|---|
| Name | CVE-2010-3856 | First vendor Publication | 2011-01-07 |
| Vendor | Cve | Last vendor Modification | 2011-02-12 |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C) | | | |
|---|---|---|---|
| CVSS Base Score | 7.2 | Attack Range | Local |
| CVSS Impact Score | 10 | Attack Complexity | Low |
| CVSS Exploit Score | 3.9 | Authentication | None Required |
Detail
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Original Source
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-11-10 | glibc LD_AUDIT arbitrary DSO load Privilege Escalation |
| 2010-10-22 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 68920 | GNU C Library Dynamic Linker LD_AUDIT non-setuid Library Loading Issue |
Internal Sources (Detail)
Alert History
| Date | Information |
|---|---|
| 2013-05-10 23:35:03 | |
| 2013-05-01 17:22:39 | |
| 2013-05-01 13:28:07 | |
| 2013-05-01 09:22:48 | |
| 2013-05-01 05:38:32 | |

CVE-2010-3856 (High)






