CVE-2011-0536
GNU C library dynamic linker - '$ORIGIN' Expansion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
Múltiples vulnerabilidades de ruta (path) de búsqueda no confiable en el archivo elf/dl-object.c en ciertas versiones modificadas de la Biblioteca C de GNU (también se conoce como glibc o libc6), incluyendo glibc-2.5-49.el5_5.6 y glibc-2.12-1.7.el6_0.3 en Red Hat Enterprise Linux, permite a los usuarios locales alcanzar privilegios por medio de un dynamic shared object (DSO) diseñado en un subdirectorio del directorio de trabajo actual durante la ejecución de un programa (1) setuid o (2) setgid que tiene $ORIGIN en (a) RPATH o (b) RUNPATH dentro del propio programa o una biblioteca referenciada. NOTA: este problema se presenta debido a una solución incorrecta de CVE-2010-3847.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-10-18 First Exploit
- 2011-01-20 CVE Reserved
- 2011-04-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1025289 | Vdb Entry | |
| http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=96611391ad8823ba58405325d78cefeae5cdf699 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | X_refsource_confirm | |
| https://launchpad.net/bugs/701783 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13086 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/15274 | 2010-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/02/01/3 | 2023-02-13 | |
| http://openwall.com/lists/oss-security/2011/02/03/2 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=667974 | 2011-04-04 |
| URL | Date | SRC |
|---|---|---|
| http://lists.debian.org/debian-security-announce/2011/msg00005.html | 2023-02-13 | |
| http://secunia.com/advisories/43830 | 2023-02-13 | |
| http://secunia.com/advisories/43989 | 2023-02-13 | |
| http://secunia.com/advisories/46397 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0412.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0413.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1009-2 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0863 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-0536 | 2011-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.5-49.el5_5.6 Search vendor "Gnu" for product "Glibc" and version "2.5-49.el5_5.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
|
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12-1.7.el6_0.3 Search vendor "Gnu" for product "Glibc" and version "2.12-1.7.el6_0.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
|