Vulnerability Name:

CVE-2010-3856 (CCN-62748)

Assigned:2010-10-22
Published:2010-10-22
Updated:2023-07-20
Summary:
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.2 High (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-3856

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2010-0793
Important: glibc security update

Source: CCN
Type: RHSA-2010-0872
Important: glibc security and bug fix update

Source: CCN
Type: SA42787
VMware ESX Console OS (COS) Multiple Vulnerabilities

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: DEBIAN
Type: DSA-2122
glibc -- missing input sanitization

Source: CCN
Type: GLSA-201011-01
GNU C library: Multiple vulnerabilities

Source: CCN
Type: GNU C Library Web page
GNU C Library

Source: CCN
Type: OSVDB ID: 68920
GNU C Library (glibc) Dynamic Linker LD_AUDIT non-setuid Library Loading Issue

Source: CCN
Type: BID-44347
GNU glibc Dynamic Linker 'LD_AUDIT' Local Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: XF
Type: UNKNOWN
glibc-ldaudit-privilege-escalation(62748)

Source: CCN
Type: Packet Storm Security [05-17-2013]
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root

Source: CCN
Type: Packet Storm Security [11-06-2014]
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-22-2010]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-10-2011]

Source: SUSE
Type: SUSE-SA:2010:052
Linux kernel security update

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20103856 | V | CVE-2010-3856 | 2022-05-20
    oval:org.opensuse.security:def:32169 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-08-25
    oval:org.opensuse.security:def:29397 | P | Security update for MozillaFirefox (Important) | 2021-07-16
    oval:org.opensuse.security:def:29361 | P | Security update for the Linux Kernel (Important) | 2021-05-17
    oval:org.opensuse.security:def:32262 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-02-19
    oval:org.opensuse.security:def:28145 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
    oval:org.opensuse.security:def:31949 | P | Security update for grub2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:28723 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:32618 | P | xorg-x11-Xvnc on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28286 | P | Security update for mysql (Important) | 2020-12-01
    oval:org.opensuse.security:def:31961 | P | Security update for guile (Low) | 2020-12-01
    oval:org.opensuse.security:def:32706 | P | libcap-progs on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28522 | P | Security update for openvpn-openssl1 (Important) | 2020-12-01
    oval:org.opensuse.security:def:27940 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32772 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28624 | P | Security update for MozillaFirefox | 2020-12-01
    oval:org.opensuse.security:def:32319 | P | Security update for ruby (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28015 | P | Security update for augeas (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33449 | P | Security update for glibc | 2020-12-01
    oval:org.opensuse.security:def:28679 | P | Security update for flac | 2020-12-01
    oval:org.opensuse.security:def:32562 | P | libpoppler-glib4 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28229 | P | Security update for libtirpc, rpcbind (Important) | 2020-12-01
    oval:org.opensuse.security:def:31950 | P | Security update for grub2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32667 | P | fuse on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28370 | P | Security update for python (Important) | 2020-12-01
    oval:org.opensuse.security:def:32035 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:27939 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32728 | P | libqt4-sql-mysql on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28575 | P | Security update for OpenSSL | 2020-12-01
    oval:org.opensuse.security:def:27951 | P | Security update for ImageMagick (Important) | 2020-12-01
    oval:org.opensuse.security:def:33410 | P | Security update for python-pycrypto (Important) | 2020-12-01
    oval:org.opensuse.security:def:28663 | P | Security update for Mozilla Firefox | 2020-12-01
    oval:org.opensuse.security:def:32406 | P | Security update for wavpack (Moderate) | 2020-12-01
    oval:org.mitre.oval:def:13244 | P | USN-1009-2 -- eglibc, glibc vulnerability | 2014-06-30
    oval:org.mitre.oval:def:13489 | P | USN-1009-1 -- glibc, eglibc vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:12802 | P | DSA-2122-2 glibc -- missing input sanitisation | 2014-06-23
    oval:org.mitre.oval:def:12604 | P | DSA-2122-1 glibc -- missing input sanitisation | 2014-06-23
    oval:org.mitre.oval:def:23540 | P | ELSA-2010:0872: glibc security and bug fix update (Important) | 2014-05-26
    oval:org.mitre.oval:def:22846 | P | ELSA-2010:0793: glibc security update (Important) | 2014-05-26
    oval:org.mitre.oval:def:21997 | P | RHSA-2010:0793: glibc security update (Important) | 2014-02-24
    oval:org.mitre.oval:def:22327 | P | RHSA-2010:0872: glibc security and bug fix update (Important) | 2014-02-24
    oval:org.mitre.oval:def:20315 | V | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | 2014-01-20
    oval:com.redhat.rhsa:def:20100872 | P | RHSA-2010:0872: glibc security and bug fix update (Important) | 2010-11-10
    oval:com.redhat.rhsa:def:20100793 | P | RHSA-2010:0793: glibc security update (Important) | 2010-10-25
    oval:org.debian:def:2122 | V | missing input sanitization | 2010-10-22