| ID |
CVE-2011-0536
|
| Summary |
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gnu:glibc:2.5-49.el5_5.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5-49.el5_5.6:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:glibc:2.12-1.7.el6_0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12-1.7.el6_0.3:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.9 (as of 13-02-2023 - 01:18) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2011-12-05T04:00:11.149-05:00 | | class | vulnerability | | contributors | | name | Aslesha Nargolkar | | organization | Hewlett-Packard |
| | definition_extensions | | comment | VMware ESX Server 4.1 is installed | | oval | oval:org.mitre.oval:def:13012 |
| | description | Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. | | family | unix | | id | oval:org.mitre.oval:def:13086 | | status | accepted | | submitted | 2011-09-06T16:14:19.000-05:00 | | title | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | | version | 6 |
|
| redhat
via4
|
| advisories | | | rpms | - glibc-0:2.5-58.el5_6.2
- glibc-common-0:2.5-58.el5_6.2
- glibc-debuginfo-0:2.5-58.el5_6.2
- glibc-debuginfo-common-0:2.5-58.el5_6.2
- glibc-devel-0:2.5-58.el5_6.2
- glibc-headers-0:2.5-58.el5_6.2
- glibc-utils-0:2.5-58.el5_6.2
- nscd-0:2.5-58.el5_6.2
- glibc-0:2.12-1.7.el6_0.5
- glibc-common-0:2.12-1.7.el6_0.5
- glibc-debuginfo-0:2.12-1.7.el6_0.5
- glibc-devel-0:2.12-1.7.el6_0.5
- glibc-headers-0:2.12-1.7.el6_0.5
- glibc-static-0:2.12-1.7.el6_0.5
- glibc-utils-0:2.12-1.7.el6_0.5
- nscd-0:2.12-1.7.el6_0.5
|
|
| refmap
via4
|
| bugtraq | 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console | | confirm | | | debian | DSA-2122-2 | | mandriva | MDVSA-2011:178 | | mlist | - [oss-security] 20110203 CVE request: glibc CVE-2010-3847 fix regression
- [oss-security] 20110203 Re: CVE request: glibc CVE-2010-3847 fix regression
| | sectrack | 1025289 | | secunia | | | ubuntu | USN-1009-2 | | vupen | ADV-2011-0863 |
|
| Last major update |
13-02-2023 - 01:18 |
| Published |
08-04-2011 - 15:17 |
| Last modified |
13-02-2023 - 01:18 |
