Executive Summary

Information
Name: CVE-2010-3847
First vendor Publication: 2011-01-07
Vendor: Cve
Last vendor Modification: 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 6.9
Cvss Impact Score: 10
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19821
 
Oval ID: oval:org.mitre.oval:def:19821
Title: VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
Description: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3847
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:22199
 
Oval ID: oval:org.mitre.oval:def:22199
Title: RHSA-2010:0787: glibc security update (Important)
Description: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Family: unix Class: patch
Reference(s): RHSA-2010:0787-01
CESA-2010:0787
CVE-2010-3847
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): glibc
Definition Id: oval:org.mitre.oval:def:23012
 
Oval ID: oval:org.mitre.oval:def:23012
Title: ELSA-2010:0787: glibc security update (Important)
Description: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Family: unix Class: patch
Reference(s): ELSA-2010:0787-01
CVE-2010-3847
Version: 6
Platform(s): Oracle Linux 5
Product(s): glibc
Definition Id: oval:org.mitre.oval:def:27665
 
Oval ID: oval:org.mitre.oval:def:27665
Title: DEPRECATED: ELSA-2010-0787 -- glibc security update (important)
Description: [2.5-49.el5_5.6] - Never expand $ORIGIN in privileged programs (#643818, CVE-2010-3847)
Family: unix Class: patch
Reference(s): ELSA-2010-0787
CVE-2010-3847
Version: 4
Platform(s): Oracle Linux 5
Product(s): glibc

CPE : Common Platform Enumeration

Type Description Count
Application 99

ExploitDB Exploits

id Description
2010-10-22 GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
2010-10-18 GNU C library dynamic linker $ORIGIN expansion Vulnerability

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64
File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl
2012-06-06 Name : RedHat Update for glibc RHSA-2011:0413-01
File : nvt/gb_RHSA-2011_0413-01_glibc.nasl
2011-11-28 Name : Mandriva Update for glibc MDVSA-2011:178 (glibc)
File : nvt/gb_mandriva_MDVSA_2011_178.nasl
2011-08-09 Name : CentOS Update for glibc CESA-2010:0787 centos5 i386
File : nvt/gb_CESA-2010_0787_glibc_centos5_i386.nasl
2011-08-09 Name : CentOS Update for glibc CESA-2011:0412 centos5 i386
File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl
2011-04-06 Name : RedHat Update for glibc RHSA-2011:0412-01
File : nvt/gb_RHSA-2011_0412-01_glibc.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201011-01 (glibc)
File : nvt/glsa_201011_01.nasl
2011-03-07 Name : Debian Security Advisory DSA 2122-2 (glibc)
File : nvt/deb_2122_2.nasl
2011-01-14 Name : Ubuntu Update for eglibc, glibc vulnerability USN-1009-2
File : nvt/gb_ubuntu_USN_1009_2.nasl
2010-12-02 Name : Fedora Update for glibc FEDORA-2010-16308
File : nvt/gb_fedora_2010_16308_glibc_fc14.nasl
2010-11-17 Name : Debian Security Advisory DSA 2122-1 (glibc)
File : nvt/deb_2122_1.nasl
2010-11-16 Name : Fedora Update for glibc FEDORA-2010-16641
File : nvt/gb_fedora_2010_16641_glibc_fc12.nasl
2010-11-16 Name : SuSE Update for glibc SUSE-SA:2010:052
File : nvt/gb_suse_2010_052.nasl
2010-11-04 Name : Fedora Update for glibc FEDORA-2010-16655
File : nvt/gb_fedora_2010_16655_glibc_fc13.nasl
2010-10-26 Name : Fedora Update for glibc FEDORA-2010-16594
File : nvt/gb_fedora_2010_16594_glibc_fc13.nasl
2010-10-26 Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1
File : nvt/gb_ubuntu_USN_1009_1.nasl
2010-10-22 Name : RedHat Update for glibc RHSA-2010:0787-01
File : nvt/gb_RHSA-2010_0787-01_glibc.nasl
2010-10-22 Name : Mandriva Update for glibc MDVSA-2010:207 (glibc)
File : nvt/gb_mandriva_MDVSA_2010_207.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-295-01 glibc
File : nvt/esoft_slk_ssa_2010_295_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68721 GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr...

The weakness is caused by the dynamic linker expanding the "$ORIGIN" substitution for privileged applications, which can be exploited to gain escalated privileges by, e.g., hard linking to a setuid application and forcing the expansion of "$ORIGIN" via "LD_AUDIT".

Metasploit Database

id Description
2010-10-18 glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2010-10-18 glibc "$ORIGIN" Expansion Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_glibc-101027.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0872.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0787.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101020_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2011-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2011-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1009-2.nasl - Type : ACT_GATHER_INFO
2011-01-06 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0872.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO
2010-11-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16641.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1009-1.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16594.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2122.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-295-01.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-207.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16308.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/44154
BUGTRAQ http://www.securityfocus.com/archive/1/515545/100/0/threaded
CERT-VN http://www.kb.cert.org/vuls/id/537223
CONFIRM http://support.avaya.com/css/P8/documents/100120941
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
https://bugzilla.redhat.com/show_bug.cgi?id=643306
DEBIAN http://www.debian.org/security/2010/dsa-2122
EXPLOIT-DB https://www.exploit-db.com/exploits/44024/
https://www.exploit-db.com/exploits/44025/
FULLDISC http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/292
http://seclists.org/fulldisclosure/2010/Oct/294
GENTOO http://security.gentoo.org/glsa/glsa-201011-01.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:207
MLIST http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0872.html
https://rhn.redhat.com/errata/RHSA-2010-0787.html
SECUNIA http://secunia.com/advisories/42787
SUSE https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
UBUNTU http://www.ubuntu.com/usn/USN-1009-1
VUPEN http://www.vupen.com/english/advisories/2011/0025

Alert History

Date Information
2023-02-13 09:29:02
  • Multiple Updates
2023-02-02 17:28:12
  • Multiple Updates
2021-05-04 12:12:53
  • Multiple Updates
2021-04-22 01:13:20
  • Multiple Updates
2020-12-11 01:05:56
  • Multiple Updates
2020-05-24 01:06:56
  • Multiple Updates
2020-05-23 13:16:56
  • Multiple Updates
2020-05-23 01:42:51
  • Multiple Updates
2020-05-23 00:26:42
  • Multiple Updates
2018-10-11 00:19:58
  • Multiple Updates
2018-05-30 12:03:14
  • Multiple Updates
2018-02-15 09:19:53
  • Multiple Updates
2017-12-22 12:01:13
  • Multiple Updates
2016-12-07 09:24:10
  • Multiple Updates
2016-04-26 20:09:56
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2015-02-03 13:24:09
  • Multiple Updates
2014-06-14 13:29:36
  • Multiple Updates
2014-02-17 10:58:06
  • Multiple Updates
2013-05-10 23:34:56
  • Multiple Updates