CVE-2011-1095
glibc: insufficient quoting in the locale command output
Severity Score
6.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
locale/programs/locale.c en la librería C GNU (también conocido como glibc o libc6) anterior a v2.13 no formatea su salida, permitiendo a usuarios locales ganar privilegios mediante una variable de entorno localization manipulada, junto con un programa que ejecuta un script que usa la función eval.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-02-24 CVE Reserved
- 2011-04-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/03/08/22 | Mailing List | |
| http://secunia.com/advisories/46397 | Third Party Advisory | |
| http://securitytracker.com/id?1025286 | Vdb Entry | |
| http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=330923 | 2024-08-06 | |
| http://openwall.com/lists/oss-security/2011/03/08/21 | 2024-08-06 | |
| http://openwall.com/lists/oss-security/2011/03/08/8 | 2024-08-06 | |
| http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 | 2024-08-06 | |
| http://sourceware.org/bugzilla/show_bug.cgi?id=11904 | 2024-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=625893 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/43830 | 2023-02-13 | |
| http://secunia.com/advisories/43976 | 2023-02-13 | |
| http://secunia.com/advisories/43989 | 2023-02-13 | |
| http://security.gentoo.org/glsa/glsa-201011-01.xml | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0412.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0413.html | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0863 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2011-1095 | 2012-02-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.12.2 Search vendor "Gnu" for product "Glibc" and version " <= 2.12.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.00 Search vendor "Gnu" for product "Glibc" and version "1.00" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.01 Search vendor "Gnu" for product "Glibc" and version "1.01" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.02 Search vendor "Gnu" for product "Glibc" and version "1.02" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.03 Search vendor "Gnu" for product "Glibc" and version "1.03" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.04 Search vendor "Gnu" for product "Glibc" and version "1.04" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.05 Search vendor "Gnu" for product "Glibc" and version "1.05" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.06 Search vendor "Gnu" for product "Glibc" and version "1.06" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.07 Search vendor "Gnu" for product "Glibc" and version "1.07" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.08 Search vendor "Gnu" for product "Glibc" and version "1.08" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.09 Search vendor "Gnu" for product "Glibc" and version "1.09" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 1.09.1 Search vendor "Gnu" for product "Glibc" and version "1.09.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0 Search vendor "Gnu" for product "Glibc" and version "2.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.1 Search vendor "Gnu" for product "Glibc" and version "2.0.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.2 Search vendor "Gnu" for product "Glibc" and version "2.0.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.3 Search vendor "Gnu" for product "Glibc" and version "2.0.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.4 Search vendor "Gnu" for product "Glibc" and version "2.0.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.5 Search vendor "Gnu" for product "Glibc" and version "2.0.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.6 Search vendor "Gnu" for product "Glibc" and version "2.0.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1 Search vendor "Gnu" for product "Glibc" and version "2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.1 Search vendor "Gnu" for product "Glibc" and version "2.1.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.1.6 Search vendor "Gnu" for product "Glibc" and version "2.1.1.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.2 Search vendor "Gnu" for product "Glibc" and version "2.1.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.3 Search vendor "Gnu" for product "Glibc" and version "2.1.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.3.10 Search vendor "Gnu" for product "Glibc" and version "2.1.3.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.9 Search vendor "Gnu" for product "Glibc" and version "2.1.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2 Search vendor "Gnu" for product "Glibc" and version "2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.1 Search vendor "Gnu" for product "Glibc" and version "2.2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.2 Search vendor "Gnu" for product "Glibc" and version "2.2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.3 Search vendor "Gnu" for product "Glibc" and version "2.2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.4 Search vendor "Gnu" for product "Glibc" and version "2.2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.5 Search vendor "Gnu" for product "Glibc" and version "2.2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3 Search vendor "Gnu" for product "Glibc" and version "2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.1 Search vendor "Gnu" for product "Glibc" and version "2.3.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.2 Search vendor "Gnu" for product "Glibc" and version "2.3.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.3 Search vendor "Gnu" for product "Glibc" and version "2.3.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.4 Search vendor "Gnu" for product "Glibc" and version "2.3.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.5 Search vendor "Gnu" for product "Glibc" and version "2.3.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.6 Search vendor "Gnu" for product "Glibc" and version "2.3.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.10 Search vendor "Gnu" for product "Glibc" and version "2.3.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.4 Search vendor "Gnu" for product "Glibc" and version "2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.5 Search vendor "Gnu" for product "Glibc" and version "2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.5.1 Search vendor "Gnu" for product "Glibc" and version "2.5.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.6 Search vendor "Gnu" for product "Glibc" and version "2.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.6.1 Search vendor "Gnu" for product "Glibc" and version "2.6.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.7 Search vendor "Gnu" for product "Glibc" and version "2.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.8 Search vendor "Gnu" for product "Glibc" and version "2.8" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.9 Search vendor "Gnu" for product "Glibc" and version "2.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.10 Search vendor "Gnu" for product "Glibc" and version "2.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.10.1 Search vendor "Gnu" for product "Glibc" and version "2.10.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.10.2 Search vendor "Gnu" for product "Glibc" and version "2.10.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11 Search vendor "Gnu" for product "Glibc" and version "2.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.1 Search vendor "Gnu" for product "Glibc" and version "2.11.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.2 Search vendor "Gnu" for product "Glibc" and version "2.11.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.3 Search vendor "Gnu" for product "Glibc" and version "2.11.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.0 Search vendor "Gnu" for product "Glibc" and version "2.12.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.1 Search vendor "Gnu" for product "Glibc" and version "2.12.1" | - |
Affected
| ||||||