CVE-2010-3847

EPSS 8.7%

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Affected products

n/a · n/a

public PoCs found — 7

githubgithub.com/magisterquis/cve-2010-3847★ 0 cve_referencewww.exploit-db.com/exploits/44025/unverified cve_referencewww.exploit-db.com/exploits/44024/unverified exploitdbwww.exploit-db.com/exploits/44025unverified exploitdbwww.exploit-db.com/exploits/15304unverified exploitdbwww.exploit-db.com/exploits/15274unverified exploitdbwww.exploit-db.com/exploits/44024unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=643306 http://seclists.org/fulldisclosure/2010/Oct/257 http://seclists.org/fulldisclosure/2010/Oct/292 http://seclists.org/fulldisclosure/2010/Oct/294 http://secunia.com/advisories/42787 http://security.gentoo.org/glsa/glsa-201011-01.xml https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html https://rhn.redhat.com/errata/RHSA-2010-0787.html http://support.avaya.com/css/P8/documents/100120941 https://www.exploit-db.com/exploits/44024/https://www.exploit-db.com/exploits/44025/