Executive Summary

Informations
Name CVE-2011-1095 First vendor Publication 2011-04-09
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12272
 
Oval ID: oval:org.mitre.oval:def:12272
Title: VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
Description: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1095
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20099
 
Oval ID: oval:org.mitre.oval:def:20099
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1095
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20638
 
Oval ID: oval:org.mitre.oval:def:20638
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1095
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 104

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64
File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:0125 centos4
File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl
2012-06-06 Name : RedHat Update for glibc RHSA-2011:0413-01
File : nvt/gb_RHSA-2011_0413-01_glibc.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2012-03-12 Name : Ubuntu Update for eglibc USN-1396-1
File : nvt/gb_ubuntu_USN_1396_1.nasl
2012-02-21 Name : RedHat Update for glibc RHSA-2012:0125-01
File : nvt/gb_RHSA-2012_0125-01_glibc.nasl
2011-11-28 Name : Mandriva Update for glibc MDVSA-2011:178 (glibc)
File : nvt/gb_mandriva_MDVSA_2011_178.nasl
2011-08-09 Name : CentOS Update for glibc CESA-2011:0412 centos5 i386
File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl
2011-04-06 Name : RedHat Update for glibc RHSA-2011:0412-01
File : nvt/gb_RHSA-2011_0412-01_glibc.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201011-01 (glibc)
File : nvt/glsa_201011_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73407 GNU C Library locale/programs/locale.c Output Quoting Localization Environmen...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-10-27 IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi
Severity : Category I - VMSKEY : V0030545
2011-08-04 IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console
Severity : Category I - VMSKEY : V0029562

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-110517.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7574.nasl - Type : ACT_GATHER_INFO
2011-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-08-01 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO
2011-06-28 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12775.nasl - Type : ACT_GATHER_INFO
2011-06-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-110516.nasl - Type : ACT_GATHER_INFO
2011-06-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7575.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2011-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2011-04-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/520102/100/0/threaded
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=330923
http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
http://sourceware.org/bugzilla/show_bug.cgi?id=11904
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=625893
GENTOO http://security.gentoo.org/glsa/glsa-201011-01.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
MISC http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d95...
MLIST http://openwall.com/lists/oss-security/2011/03/08/21
http://openwall.com/lists/oss-security/2011/03/08/22
http://openwall.com/lists/oss-security/2011/03/08/8
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://www.redhat.com/support/errata/RHSA-2011-0413.html
SECTRACK http://securitytracker.com/id?1025286
SECUNIA http://secunia.com/advisories/43830
http://secunia.com/advisories/43976
http://secunia.com/advisories/43989
http://secunia.com/advisories/46397
VUPEN http://www.vupen.com/english/advisories/2011/0863

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2023-02-13 05:28:35
  • Multiple Updates
2021-05-04 12:14:10
  • Multiple Updates
2021-04-22 01:15:22
  • Multiple Updates
2020-12-11 01:06:28
  • Multiple Updates
2020-05-24 01:07:31
  • Multiple Updates
2020-05-23 01:44:02
  • Multiple Updates
2020-05-23 00:27:58
  • Multiple Updates
2019-03-07 12:03:58
  • Multiple Updates
2018-10-10 00:19:42
  • Multiple Updates
2018-05-30 12:03:32
  • Multiple Updates
2017-12-21 12:01:24
  • Multiple Updates
2017-09-19 09:24:16
  • Multiple Updates
2016-04-26 20:37:08
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2015-02-03 13:24:10
  • Multiple Updates
2014-02-17 11:00:59
  • Multiple Updates
2013-11-11 12:39:16
  • Multiple Updates
2013-05-10 22:56:13
  • Multiple Updates