VDB
CVE-2010-3856
CVE-2010-3856
PUBLISHED
Reported by redhat · Published January 7, 2011
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Exploit Intelligence
- 44025 (cve.org)
- extended.webshell_detection.yara (github-yara)
- extended.webshell_detection.yara (github-yara)
- extended.webshell_detection.yara (github-yara)
- glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit (0day-today)
- glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit (0day-today)
- Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit (0day-today)
- glibc LD_AUDIT arbitrary DSO load Privilege Escalation (0day-today)
- GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability (0day-today)
Timeline
- Oct 23, 2010 PoC Published
- Jan 7, 2011 CVE Published
- Nov 9, 2011 PoC Published
- May 19, 2013 PoC Published
- Feb 10, 2018 PoC Published
- Apr 1, 2018 PoC Published
- Mar 9, 2020 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
References
- 20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. mailing-listx_refsource_FULLDISC
- 44347 vdb-entryx_refsource_BID
- GLSA-201011-01 vendor-advisoryx_refsource_GENTOO
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- RHSA-2010:0872 vendor-advisoryx_refsource_REDHAT
- SUSE-SA:2010:052 vendor-advisoryx_refsource_SUSE
- 44025 exploitx_refsource_EXPLOIT-DB
- DSA-2122 vendor-advisoryx_refsource_DEBIAN
- USN-1009-1 vendor-advisoryx_refsource_UBUNTU
- [libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs mailing-listx_refsource_MLIST
- 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap mailing-listx_refsource_BUGTRAQ
- MDVSA-2010:212 vendor-advisoryx_refsource_MANDRIVA
- 42787 third-party-advisoryx_refsource_SECUNIA
- ADV-2011-0025 vdb-entryx_refsource_VUPEN
- RHSA-2010:0793 vendor-advisoryx_refsource_REDHAT
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series mailing-listx_refsource_FULLDISC
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series mailing-listx_refsource_BUGTRAQ
- x_refsource_MISC
…and 4 more