ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
References
Configurations
Configuration 1 (hide)
|
History
20 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jul 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2011-01-07 19:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-3856
Mitre link : CVE-2010-3856
CVE.ORG link : CVE-2010-3856
JSON object : View
Products Affected
gnu
- glibc
CWE
CWE-264
Permissions, Privileges, and Access Controls