glibc: privilege escalation

Package(s): glibc
CVE #(s): CVE-2010-3847
Created: October 21, 2010
Updated: April 15, 2011

From the Red Hat advisory:

It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)

For a detailed look, see Tavis Ormandy's report.

Gentoo 201312-01 glibc 2013-12-02
CentOS CESA-2011:0412 glibc 2011-04-14
Debian DSA-2122-2 glibc 2011-01-11
Ubuntu USN-1009-2 eglibc, glibc 2011-01-12
Gentoo 201011-01 glibc 2010-11-15
Red Hat RHSA-2010:0872-02 glibc 2010-11-10
Fedora FEDORA-2010-16641 glibc 2010-10-27
Fedora FEDORA-2010-16655 glibc 2010-10-27
SUSE SUSE-SA:2010:052 glibc 2010-10-28
openSUSE openSUSE-SU-2010:0912-1 glibc 2010-10-28
Debian DSA-2122-1 glibc 2010-10-22
Red Hat RHSA-2010:0787-01 glibc 2010-10-20
Ubuntu USN-1009-1 glibc, eglibc 2010-10-22
Fedora FEDORA-2010-16594 glibc 2010-10-21
Mandriva MDVSA-2010:207 glibc 2010-10-20
CentOS CESA-2010:0787 glibc 2010-10-21

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds