Vulnerability CVE-2010-0830

Vulnerability Name:

CVE-2010-0830 (CCN-58915)

Assigned:

2010-05-25

Published:

2010-05-25

Updated:

2017-08-17

Summary:

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

3.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0830

Source: CCN
Type: Dan Rosenberg's blog
Integer overflow in ld.so (CVE-2010-0830)

Source: MISC
Type: UNKNOWN
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

Source: CCN
Type: FSA662 - glibc
Frugalware Linux - Let's make things Frugal!

Source: CONFIRM
Type: UNKNOWN
http://frugalware.org/security/662

Source: CCN
Type: RHSA-2012-0125
Moderate: glibc security and bug fix update

Source: CCN
Type: RHSA-2012-0126
Moderate: glibc security update

Source: SECUNIA
Type: Vendor Advisory
39900

Source: CCN
Type: SA51555
VMware ESXi glibc Multiple Vulnerabilities

Source: CCN
Type: SA53166
Avaya Communication Manager OpenSSL and glibc Vulnerabilities

Source: CCN
Type: SA53537
Avaya Aura Presence Services Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-201011-01

Source: CCN
Type: SECTRACK ID: 1024044
GNU Glibc ELF Header Validation Flaw Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1024044

Source: CONFIRM
Type: UNKNOWN
http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5

Source: DEBIAN
Type: UNKNOWN
DSA-2058

Source: DEBIAN
Type: DSA-2058
eglibc -- multiple vulnerabilities

Source: CCN
Type: GLSA-201011-01
GNU C library: Multiple vulnerabilities

Source: CCN
Type: GNU C Library Web page
GNU C Library

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:111

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:112

Source: CCN
Type: OSVDB ID: 65077
GNU C Library (glibc) ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Program Arbitrary Code Execution

Source: BID
Type: Patch
40063

Source: CCN
Type: BID-40063
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability

Source: CCN
Type: USN-944-1
GNU C Library vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-944-1

Source: CCN
Type: VMSA-2012-0018
VMware security updates for vCSA and ESXi

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1246

Source: CCN
Type: ASA-2012-156
glibc security update (RHSA-2012-0126)

Source: CCN
Type: ASA-2012-155
glibc security and bug fix update (RHSA-2012-0125)

Source: XF
Type: UNKNOWN
glibc-elf-code-execution(58915)

Source: XF
Type: UNKNOWN
glibc-elf-code-execution(58915)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2010:052

Source: SUSE
Type: SUSE-SA:2010:052
Linux kernel security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:4.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100830	V	CVE-2010-0830	2022-05-20
oval:org.mitre.oval:def:12941	P	USN-944-1 -- glibc, eglibc vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13533	P	DSA-2058-1 glibc, eglibc -- multiple	2014-06-23
oval:org.mitre.oval:def:22910	P	ELSA-2012:0126: glibc security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21365	P	RHSA-2012:0126: glibc security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:20684	V	VMware vSphere and vCOps updates to third party libraries	2014-01-20
oval:com.redhat.rhsa:def:20120125	P	RHSA-2012:0125: glibc security and bug fix update (Moderate)	2012-02-13
oval:com.redhat.rhsa:def:20120126	P	RHSA-2012:0126: glibc security update (Moderate)	2012-02-13
oval:org.debian:def:2058	V	multiple vulnerabilities	2010-06-10

BACK