CVE-2010-3856

Published: 07/01/2011 Updated: 20/07/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 735
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

ld.so in the GNU C Library (aka glibc or libc6) prior to 2.11.3, and 2.12.x prior to 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Vulnerable Product

gnu glibc 2.2.2

gnu glibc 2.9

gnu glibc 2.7

gnu glibc 2.1.2

gnu glibc 2.11

gnu glibc 2.0.5

gnu glibc 2.2.5

gnu glibc 2.0.6

gnu glibc 2.10.1

gnu glibc 1.00

gnu glibc 1.06

gnu glibc 2.1.1

gnu glibc 1.02

gnu glibc 2.0.3

gnu glibc 1.07

gnu glibc 2.3.1

gnu glibc 2.3

gnu glibc 2.12.0

gnu glibc 2.0

gnu glibc 2.1.1.6

gnu glibc 1.04

gnu glibc 1.01

gnu glibc 2.3.10

gnu glibc 2.4

gnu glibc 2.1

gnu glibc 2.3.4

gnu glibc 1.09.1

gnu glibc 2.1.9

gnu glibc 2.3.3

gnu glibc 2.12.1

gnu glibc 2.6.1

gnu glibc 2.0.1

gnu glibc 1.09

gnu glibc 2.10

gnu glibc 2.5.1

gnu glibc 2.6

gnu glibc 2.0.4

gnu glibc 2.0.2

gnu glibc 2.2.1

gnu glibc 2.3.2

gnu glibc 1.03

gnu glibc 2.1.3.10

gnu glibc 2.3.6

gnu glibc 2.2.3

gnu glibc 2.5

gnu glibc 1.08

gnu glibc 2.3.5

gnu glibc 2.8

gnu glibc 2.11.1

gnu glibc 2.2.4

gnu glibc 2.1.3

gnu glibc

gnu glibc 1.05

gnu glibc 2.2

gnu glibc 2.10.2

Vendor Advisories

Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Sc ...
Debian Bug report logs - #600667 eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Mon, 18 Oct 2010 22:57:05 UTC Severity: grave Tags: pending, security, squeeze-ignore Fou ...
Local root escalation via LD_AUDIT environment variable ...
Privilege escalation via loading of libraries via RPATH DSTs with setuid programs ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Exploit::EXE include M ...
#!/bin/sh # I Can't Read and I Won't Race You Either # by zx2c4 ...
Source: marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. Cześć, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see seclistso ...
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker with libmemusage.so library ...
Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below ...
glibc LD_AUDIT arbitrary DSO load local root exploit that leverages a race condition to escalate privileges ...
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ...
GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit ...
GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit ...
Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so ...
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared obj ...
The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system ...
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ...