CVE-2010-3847

Published: Jan 7, 2011Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Affected (55)

Products: Gnu: Glibc

1 product

Configuration A

55 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.11.2
Gnu Glibc	Version 1.00
Gnu Glibc	Version 1.01
Gnu Glibc	Version 1.02
Gnu Glibc	Version 1.03
Gnu Glibc	Version 1.04
Gnu Glibc	Version 1.05
Gnu Glibc	Version 1.06
Gnu Glibc	Version 1.07
Gnu Glibc	Version 1.08
Gnu Glibc	Version 1.09.1
Gnu Glibc	Version 1.09
Gnu Glibc	Version 2.0.1
Gnu Glibc	Version 2.0.2
Gnu Glibc	Version 2.0.3
Gnu Glibc	Version 2.0.4
Gnu Glibc	Version 2.0.5
Gnu Glibc	Version 2.0.6
Gnu Glibc	Version 2.0
Gnu Glibc	Version 2.1.1.6
Gnu Glibc	Version 2.1.1
Gnu Glibc	Version 2.1.2
Gnu Glibc	Version 2.1.3.10
Gnu Glibc	Version 2.1.3
Gnu Glibc	Version 2.1.9
Gnu Glibc	Version 2.10.1
Gnu Glibc	Version 2.10.2
Gnu Glibc	Version 2.10
Gnu Glibc	Version 2.11.1
Gnu Glibc	Version 2.11
Gnu Glibc	Version 2.12.0
Gnu Glibc	Version 2.12.1
Gnu Glibc	Version 2.1
Gnu Glibc	Version 2.2.1
Gnu Glibc	Version 2.2.2
Gnu Glibc	Version 2.2.3
Gnu Glibc	Version 2.2.4
Gnu Glibc	Version 2.2.5
Gnu Glibc	Version 2.2
Gnu Glibc	Version 2.3.10
Gnu Glibc	Version 2.3.1
Gnu Glibc	Version 2.3.2
Gnu Glibc	Version 2.3.3
Gnu Glibc	Version 2.3.4
Gnu Glibc	Version 2.3.5
Gnu Glibc	Version 2.3.6
Gnu Glibc	Version 2.3
Gnu Glibc	Version 2.4
Gnu Glibc	Version 2.5.1
Gnu Glibc	Version 2.5
Gnu Glibc	Version 2.6.1
Gnu Glibc	Version 2.6
Gnu Glibc	Version 2.7
Gnu Glibc	Version 2.8
Gnu Glibc	Version 2.9

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (42)

http://seclists.org/fulldisclosure/2010/Oct/257

Source: secalert@redhat.com

Exploit

http://seclists.org/fulldisclosure/2010/Oct/292

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2010/Oct/294

Source: secalert@redhat.com

http://secunia.com/advisories/42787

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: secalert@redhat.com

http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html

Source: secalert@redhat.com

Patch

http://support.avaya.com/css/P8/documents/100120941

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2122

Source: secalert@redhat.com

http://www.kb.cert.org/vuls/id/537223

Source: secalert@redhat.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2010:207

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0872.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/515545/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/44154

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1009-1

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0025

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=643306

Source: secalert@redhat.com

Patch

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2010-0787.html

Source: secalert@redhat.com

https://www.exploit-db.com/exploits/44024/

Source: secalert@redhat.com

https://www.exploit-db.com/exploits/44025/

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2010/Oct/257

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2010/Oct/292

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2010/Oct/294

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42787

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://support.avaya.com/css/P8/documents/100120941

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2122

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/537223

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2010:207

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0872.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/515545/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/44154

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1009-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0025

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=643306

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2010-0787.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/44024/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/44025/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.