CVE-2010-3847

Published: 22 October 2010

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Priority

Negligible

Status

Package   Release    Status
eglibc    dapper     Does not exist
eglibc    hardy      Does not exist
eglibc    jaunty     Does not exist
eglibc    karmic     Released (2.10.1-0ubuntu18)
eglibc    lucid      Released (2.11.1-0ubuntu7.5)
eglibc    maverick   Released (2.12.1-0ubuntu8)
eglibc    upstream   Needs triage
glibc     dapper     Not vulnerable
glibc     hardy      Released (2.7-10ubuntu7)
glibc     jaunty     Released (2.9-4ubuntu6.3)
glibc     karmic     Does not exist
glibc     lucid      Does not exist
glibc     maverick   Does not exist
glibc     upstream   Needs triage

Notes

Author: kees
Note: $ORIGIN expansion was not possible on Ubuntu due to lack of NDEBUG during build.