GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/109167 | Third Party Advisory VDB Entry |
https://security-tracker.debian.org/tracker/CVE-2019-1010023 | |
https://sourceware.org/bugzilla/show_bug.cgi?id=22851 | Exploit Issue Tracking Third Party Advisory |
https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS | |
https://ubuntu.com/security/CVE-2019-1010023 |
Configurations
History
03 Jul 2024, 01:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 5.4 |
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. |
Information
Published : 2019-07-15 04:15
Updated : 2024-08-05 03:15
NVD link : CVE-2019-1010023
Mitre link : CVE-2019-1010023
CVE.ORG link : CVE-2019-1010023
JSON object : View
Products Affected
gnu
- glibc
CWE