NVD Vulnerability Detail

CVE-2010-3847

Summary	elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Publication Date	Jan. 8, 2011, 4 a.m.
Registration Date	Jan. 29, 2021, 11:07 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

CVSS2.0 : MEDIUM
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.11.2
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/fulldisclosure/2010/Oct/257	Exploit
2	http://seclists.org/fulldisclosure/2010/Oct/257	Exploit
3	http://seclists.org/fulldisclosure/2010/Oct/292
4	http://seclists.org/fulldisclosure/2010/Oct/292
5	http://seclists.org/fulldisclosure/2010/Oct/294
6	http://seclists.org/fulldisclosure/2010/Oct/294
7	http://secunia.com/advisories/42787	Vendor Advisory
8	http://secunia.com/advisories/42787	Vendor Advisory
9	http://security.gentoo.org/glsa/glsa-201011-01.xml
10	http://security.gentoo.org/glsa/glsa-201011-01.xml
11	http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html	Patch
12	http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html	Patch
13	http://support.avaya.com/css/P8/documents/100120941
14	http://support.avaya.com/css/P8/documents/100120941
15	http://www.debian.org/security/2010/dsa-2122
16	http://www.debian.org/security/2010/dsa-2122
17	http://www.kb.cert.org/vuls/id/537223	US Government Resource
18	http://www.kb.cert.org/vuls/id/537223	US Government Resource
19	http://www.mandriva.com/security/advisories?name=MDVSA-2010:207
20	http://www.mandriva.com/security/advisories?name=MDVSA-2010:207
21	http://www.redhat.com/support/errata/RHSA-2010-0872.html
22	http://www.redhat.com/support/errata/RHSA-2010-0872.html
23	http://www.securityfocus.com/archive/1/515545/100/0/threaded
24	http://www.securityfocus.com/archive/1/515545/100/0/threaded
25	http://www.securityfocus.com/bid/44154
26	http://www.securityfocus.com/bid/44154
27	http://www.ubuntu.com/usn/USN-1009-1
28	http://www.ubuntu.com/usn/USN-1009-1
29	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
30	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
31	http://www.vupen.com/english/advisories/2011/0025	Vendor Advisory
32	http://www.vupen.com/english/advisories/2011/0025	Vendor Advisory
33	https://bugzilla.redhat.com/show_bug.cgi?id=643306	Patch
34	https://bugzilla.redhat.com/show_bug.cgi?id=643306	Patch
35	https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
36	https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
37	https://rhn.redhat.com/errata/RHSA-2010-0787.html
38	https://rhn.redhat.com/errata/RHSA-2010-0787.html
39	https://www.exploit-db.com/exploits/44024/
40	https://www.exploit-db.com/exploits/44024/
41	https://www.exploit-db.com/exploits/44025/
42	https://www.exploit-db.com/exploits/44025/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-59	リンク解釈の問題	https://cwe.mitre.org/data/definitions/59.html

JVN Vulnerability Information

glibc に権限昇格の脆弱性

Title	glibc に権限昇格の脆弱性
Summary	glibc には、権限昇格の脆弱性が存在します。
Possible impacts	ローカルユーザによって Root 権限を取得される可能性があります。
Solution	[アップデートする] 各 Distribution が提供する情報をもとに glibc パッケージをアップデートしてください。
Publication Date	Oct. 26, 2010, midnight
Registration Date	Nov. 15, 2010, 3:39 p.m.
Last Update	Jan. 14, 2011, 2:42 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

GNU Project

GNU C Library

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware ESXi

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3847	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
National Vulnerability Database (NVD)
2	CVE-2010-3847	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3847

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	glibc-2.5-49.6.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1287
Red Hat Security Advisory
2	RHSA-2010:0787	http://rhn.redhat.com/errata/RHSA-2010-0787.htmll
3	RHSA-2010:0872	https://rhn.redhat.com/errata/RHSA-2010-0872.html
VMware Security Advisories
4	VMSA-2011-0001	http://www.vmware.com/security/advisories/VMSA-2011-0001.html

その他

No	Name	URL
JVN
1	JVNVU#537223	http://jvn.jp/cert/JVNVU537223
Secunia Advisory
2	SA41795	http://secunia.com/advisories/41795
SecurityFocus
3	44154	http://www.securityfocus.com/bid/44154
US-CERT Vulnerability Note
4	VU#537223	http://www.kb.cert.org/vuls/id/537223

Change Log

No	Changed Details	Date of change
0	[2010年11月15日] 掲載 [2010年12月07日] 影響を受けるシステム：レッドハット (RHSA-2010:0872) の情報を追加ベンダ情報：レッドハット (RHSA-2010:0872) を追加 [2011年01月14日] 影響を受けるシステム：VMware (VMSA-2011-0001) の情報を追加ベンダ情報：VMware (VMSA-2011-0001) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.11.2
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*