National Cyber Awareness System

Vulnerability Summary for CVE-2010-3856

Overview

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=645672

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=645672

External Source: MLIST

Name: [libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs

Type: Patch Information

Hyperlink:http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html

External Source: REDHAT

Name: RHSA-2010:0793

Hyperlink:https://rhn.redhat.com/errata/RHSA-2010-0793.html

External Source: VUPEN

Name: ADV-2011-0025

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0025

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0001.html

External Source: UBUNTU

Name: USN-1009-1

Hyperlink:http://www.ubuntu.com/usn/USN-1009-1

External Source: BID

Name: 44347

Hyperlink:http://www.securityfocus.com/bid/44347

External Source: BUGTRAQ

Name: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/515545/100/0/threaded

External Source: REDHAT

Name: RHSA-2010:0872

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0872.html

External Source: MANDRIVA

Name: MDVSA-2010:212

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:212

External Source: DEBIAN

Name: DSA-2122

Hyperlink:http://www.debian.org/security/2010/dsa-2122

External Source: CONFIRM

Name: http://support.avaya.com/css/P8/documents/100121017

Hyperlink:http://support.avaya.com/css/P8/documents/100121017

External Source: GENTOO

Name: GLSA-201011-01

Hyperlink:http://security.gentoo.org/glsa/glsa-201011-01.xml

External Source: SECUNIA

Name: 42787

Type: Advisory

Hyperlink:http://secunia.com/advisories/42787

External Source: FULLDISC

Name: 20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

Hyperlink:http://seclists.org/fulldisclosure/2010/Oct/344