Published: 10/04/2011 Updated: 13/02/2023

CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9

VMScore: 552

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) prior to 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.2.2
gnu glibc 2.9
gnu glibc 2.7
gnu glibc 2.1.2
gnu glibc 2.11
gnu glibc 2.0.5
gnu glibc 2.2.5
gnu glibc 2.0.6
gnu glibc 2.10.1
gnu glibc 1.00
gnu glibc 1.06
gnu glibc 2.1.1
gnu glibc 1.02
gnu glibc 2.0.3
gnu glibc 1.07
gnu glibc 2.3.1
gnu glibc 2.3
gnu glibc 2.12.0
gnu glibc 2.0
gnu glibc 2.1.1.6
gnu glibc 1.04
gnu glibc 1.01
gnu glibc 2.3.10
gnu glibc 2.4
gnu glibc 2.1
gnu glibc 2.3.4
gnu glibc 1.09.1
gnu glibc 2.1.9
gnu glibc 2.3.3
gnu glibc 2.12.1
gnu glibc 2.6.1
gnu glibc 2.0.1
gnu glibc 1.09
gnu glibc 2.10
gnu glibc 2.11.2
gnu glibc 2.5.1
gnu glibc 2.6
gnu glibc 2.0.4
gnu glibc 2.0.2
gnu glibc 2.2.1
gnu glibc 2.3.2
gnu glibc 1.03
gnu glibc 2.1.3.10
gnu glibc 2.3.6
gnu glibc
gnu glibc 2.2.3
gnu glibc 2.5
gnu glibc 2.11.3
gnu glibc 1.08
gnu glibc 2.3.5
gnu glibc 2.8
gnu glibc 2.11.1
gnu glibc 2.2.4
gnu glibc 2.1.3
gnu glibc 1.05
gnu glibc 2.2
gnu glibc 2.10.2

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix multiple security issues and one bug arenow available for Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity impact ...

Multiple vulnerabilities were discovered and fixed in the GNU C Library ...

CWE-264 http://bugs.gentoo.org/show_bug.cgi?id=330923 http://secunia.com/advisories/43976 http://www.redhat.com/support/errata/RHSA-2011-0413.html https://bugzilla.redhat.com/show_bug.cgi?id=625893 http://openwall.com/lists/oss-security/2011/03/08/8 http://www.vupen.com/english/advisories/2011/0863 http://security.gentoo.org/glsa/glsa-201011-01.xml http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 http://sourceware.org/bugzilla/show_bug.cgi?id=11904 http://secunia.com/advisories/43989 http://openwall.com/lists/oss-security/2011/03/08/21 http://secunia.com/advisories/43830 http://openwall.com/lists/oss-security/2011/03/08/22 http://www.redhat.com/support/errata/RHSA-2011-0412.html http://securitytracker.com/id?1025286 http://secunia.com/advisories/46397 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272 http://www.securityfocus.com/archive/1/520102/100/0/threaded http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259 https://access.redhat.com/errata/RHSA-2012:0125 https://nvd.nist.gov https://usn.ubuntu.com/1396-1/

CVE-2011-1095

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect