

GNU C dynamic linker privilege escalation
Updated since 24.10.2010
Published: 26.10.2010
Source:
SecurityVulns ID: 11210
Type: local
Threat Level: 7/10
Description: Invalid $ORIGIN processing allows a user library to be loaded into a suid application.
Affected: GNU: glibc 2.11
CVE: CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.)
CVE: CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.)
Original documents:
Tavis Ormandy, The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. (26.10.2010)
Tavis Ormandy, The GNU C library dynamic linker expands $ORIGIN in setuid library search path (24.10.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod