← back
CVE-2011-1095

CVE-2011-1095

EPSS 0.5%
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.gentoo.org/show_bug.cgi?id=330923http://openwall.com/lists/oss-security/2011/03/08/21http://openwall.com/lists/oss-security/2011/03/08/22http://openwall.com/lists/oss-security/2011/03/08/8https://bugzilla.redhat.com/show_bug.cgi?id=625893http://secunia.com/advisories/43830http://secunia.com/advisories/43976http://secunia.com/advisories/43989http://secunia.com/advisories/46397http://security.gentoo.org/glsa/glsa-201011-01.xmlhttp://securitytracker.com/id?1025286http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904