NVD Vulnerability Detail

CVE-2010-3856

Summary	ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Publication Date	Jan. 8, 2011, 4 a.m.
Registration Date	Jan. 29, 2021, 11:07 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

CVSS2.0 : HIGH
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.11.2
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
2	http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
3	http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
4	http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
5	http://seclists.org/fulldisclosure/2010/Oct/344
6	http://seclists.org/fulldisclosure/2010/Oct/344
7	http://seclists.org/fulldisclosure/2019/Jun/18
8	http://seclists.org/fulldisclosure/2019/Jun/18
9	http://seclists.org/fulldisclosure/2023/Jul/31
10	http://seclists.org/fulldisclosure/2023/Jul/31
11	http://secunia.com/advisories/42787	Vendor Advisory
12	http://secunia.com/advisories/42787	Vendor Advisory
13	http://security.gentoo.org/glsa/glsa-201011-01.xml
14	http://security.gentoo.org/glsa/glsa-201011-01.xml
15	http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html	Patch
16	http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html	Patch
17	http://support.avaya.com/css/P8/documents/100121017
18	http://support.avaya.com/css/P8/documents/100121017
19	http://www.debian.org/security/2010/dsa-2122
20	http://www.debian.org/security/2010/dsa-2122
21	http://www.mandriva.com/security/advisories?name=MDVSA-2010:212
22	http://www.mandriva.com/security/advisories?name=MDVSA-2010:212
23	http://www.openwall.com/lists/oss-security/2023/07/19/9
24	http://www.openwall.com/lists/oss-security/2023/07/19/9
25	http://www.openwall.com/lists/oss-security/2023/07/20/1
26	http://www.openwall.com/lists/oss-security/2023/07/20/1
27	http://www.redhat.com/support/errata/RHSA-2010-0872.html
28	http://www.redhat.com/support/errata/RHSA-2010-0872.html
29	http://www.securityfocus.com/archive/1/515545/100/0/threaded
30	http://www.securityfocus.com/archive/1/515545/100/0/threaded
31	http://www.securityfocus.com/bid/44347
32	http://www.securityfocus.com/bid/44347
33	http://www.ubuntu.com/usn/USN-1009-1
34	http://www.ubuntu.com/usn/USN-1009-1
35	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
36	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
37	http://www.vupen.com/english/advisories/2011/0025	Vendor Advisory
38	http://www.vupen.com/english/advisories/2011/0025	Vendor Advisory
39	https://bugzilla.redhat.com/show_bug.cgi?id=645672	Patch
40	https://bugzilla.redhat.com/show_bug.cgi?id=645672	Patch
41	https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
42	https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
43	https://rhn.redhat.com/errata/RHSA-2010-0793.html
44	https://rhn.redhat.com/errata/RHSA-2010-0793.html
45	https://seclists.org/bugtraq/2019/Jun/14
46	https://seclists.org/bugtraq/2019/Jun/14
47	https://www.exploit-db.com/exploits/44025/
48	https://www.exploit-db.com/exploits/44025/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

GNU C library の ld.so における権限昇格の脆弱性

Title	GNU C library の ld.so における権限昇格の脆弱性
Summary	GNU C library (glibc または libc6) の ld.so は、監査オブジェクトとして dynamic shared objects (DSOs) の参照を行う LD_AUDIT 環境変数の使用を適切に制限しないため、権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、信頼されたライブラリディレクトリ内に配置された安全ではない DSO を介して、権限を取得される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 25, 2010, midnight
Registration Date	Jan. 25, 2011, 3:48 p.m.
Last Update	Jan. 25, 2011, 3:48 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

GNU Project

GNU C Library 2.11.3 未満

GNU C Library 2.11.x から 2.12.1

VMware

VMware ESX 4.0

VMware ESX 4.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3856	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
National Vulnerability Database (NVD)
2	CVE-2010-3856	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3856

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GNU C Library
1	Top Page	http://www.gnu.org/software/libc
MIRACLE LINUX アップデート情報
2	glibc-2.5-49.7.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1289
Red Hat Security Advisory
3	RHSA-2010:0793	https://rhn.redhat.com/errata/RHSA-2010-0793.html
4	RHSA-2010:0872	https://rhn.redhat.com/errata/RHSA-2010-0872.html
VMware Security Advisories
5	VMSA-2011-0001	http://www.vmware.com/security/advisories/VMSA-2011-0001.html

その他

No	Name	URL
Secunia Advisory
1	SA42787	http://secunia.com/advisories/42787
SecurityFocus
2	44347	http://www.securityfocus.com/bid/44347
VUPEN Security
3	VUPEN/ADV-2011-0025	http://www.vupen.com/english/advisories/2011/0025

Change Log

No	Changed Details	Date of change
0	[2011年01月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.11.2
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*