CVE-2011-1095
glibc: insufficient quoting in the locale command output
Severity Score
Exploit Likelihood
Affected Versions
57Public Exploits
6Exploited in Wild
-Decision
Descriptions
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Multiple vulnerabilities have been found in GNU C Library, the worst of which allow arbitrary code execution and privilege escalation. Versions less than 2.15-r3 are affected.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2011-02-24 CVE Reserved
- 2011-04-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC