Vulnerability Name: CVE-2010-3856

Assigned:2010-10-08
Published:2010-10-22
Updated:2018-02-14
Summary:ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.2 High (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264
References:Source: FULLDISC
Type: UNKNOWN
20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

Source: GENTOO
Type: UNKNOWN
GLSA-201011-01

Source: MLIST
Type: PATCH
[libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/css/P8/documents/100121017

Source: DEBIAN
Type: UNKNOWN
DSA-2122

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:212

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0872

Source: BUGTRAQ
Type: UNKNOWN
20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

Source: BID
Type: UNKNOWN
44347

Source: UBUNTU
Type: UNKNOWN
USN-1009-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Source: VUPEN
Type: VENDOR_ADVISORY
ADV-2011-0025

Source: CONFIRM
Type: PATCH
https://bugzilla.redhat.com/show_bug.cgi?id=645672

Source: XF
Type: UNKNOWN
glibc-ldaudit-privilege-escalation(62748)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2010:052

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0793

Source: EXPLOIT-DB
Type: UNKNOWN
44025

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:glibc:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.01:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.02:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.03:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.04:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.05:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.06:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.07:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.08:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.09:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.11:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.12.1:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
  • AND
  • cpe:/a:gentoo:linux_eix:0.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20103856 | V | CVE-2010-3856 | 2018-02-18
oval:org.mitre.oval:def:13244 | P | USN-1009-2 -- eglibc, glibc vulnerability | 2014-06-30
oval:org.mitre.oval:def:13489 | P | USN-1009-1 -- glibc, eglibc vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:12802 | P | DSA-2122-2 glibc -- missing input sanitisation | 2014-06-23
oval:org.mitre.oval:def:12604 | P | DSA-2122-1 glibc -- missing input sanitisation | 2014-06-23
oval:org.mitre.oval:def:22846 | P | ELSA-2010:0793: glibc security update (Important) | 2014-05-26
oval:org.mitre.oval:def:23540 | P | ELSA-2010:0872: glibc security and bug fix update (Important) | 2014-05-26
oval:org.mitre.oval:def:21997 | P | RHSA-2010:0793: glibc security update (Important) | 2014-02-24
oval:org.mitre.oval:def:22327 | P | RHSA-2010:0872: glibc security and bug fix update (Important) | 2014-02-24
oval:org.mitre.oval:def:20315 | V | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | 2014-01-20
oval:com.redhat.rhsa:def:20100872 | P | RHSA-2010:0872: glibc security and bug fix update (Important) | 2010-11-10
oval:com.redhat.rhsa:def:20100793 | P | RHSA-2010:0793: glibc security update (Important) | 2010-10-25
oval:org.debian:def:2122 | V | missing input sanitization | 2010-10-22