CVE-2010-3856

Published: 22 October 2010

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Priority

High

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
jaunty Does not exist
karmic Released (2.10.1-0ubuntu18)
lucid Released (2.11.1-0ubuntu7.5)
maverick Released (2.12.1-0ubuntu8)
upstream Needs triage

glibc
Launchpad, Ubuntu, Debian
dapper Not vulnerable
hardy Released (2.7-10ubuntu7)
jaunty Released (2.9-4ubuntu6.3)
karmic Does not exist
lucid Does not exist
maverick Does not exist
upstream Needs triage