CVE-2011-0536

Current Description

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

Evaluator Description

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Referenced by CVEs:

CVE-2011-1658

Basic Data

Published	April 08, 2011
Last Modified	October 09, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	LOCAL
CVSS 2 - Access Complexity	MEDIUM
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	6.9
Severity	MEDIUM
Exploitability Score	3.4
Impact Score	10.0
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

AND

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Gnu	Glibc	2.5-49.el5_5.6	*	*	*	*	*	*	*
2.3	Application	Gnu	Glibc	2.12-1.7.el6_0.3	*	*	*	*	*	*	*

OR Running on/with:

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Redhat	Enterprise Linux	*	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Redhat	Enterprise Linux	*
Gnu	Glibc	2.12-1.7.el6_0.3, 2.5-49.el5_5.6

References

Name	Source	URL	Tags
DSA-2122-2	http://lists.debian.org/debian-security-announce/2011/msg00005.html	DEBIAN
[oss-security] 20110203 CVE request: glibc CVE-2010-3847 fix regression	http://openwall.com/lists/oss-security/2011/02/01/3	MLIST	PATCH
[oss-security] 20110203 Re: CVE request: glibc CVE-2010-3847 fix regression	http://openwall.com/lists/oss-security/2011/02/03/2	MLIST	PATCH
43830	http://secunia.com/advisories/43830	SECUNIA	Vendor Advisory
43989	http://secunia.com/advisories/43989	SECUNIA	Vendor Advisory
46397	http://secunia.com/advisories/46397	SECUNIA	Vendor Advisory
1025289	http://securitytracker.com/id?1025289	SECTRACK
http://sourceware.org/git/?p=glibc.git;a=commit;h=96611391ad8823ba58405325d78cefeae5cdf699	http://sourceware.org/git/?p=glibc.git;a=commit;h=96611391ad8823ba58405325d78cefeae5cdf699	CONFIRM	PATCH
MDVSA-2011:178	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178	MANDRIVA
RHSA-2011:0412	http://www.redhat.com/support/errata/RHSA-2011-0412.html	REDHAT	Vendor Advisory
RHSA-2011:0413	http://www.redhat.com/support/errata/RHSA-2011-0413.html	REDHAT	Vendor Advisory
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console	http://www.securityfocus.com/archive/1/520102/100/0/threaded	BUGTRAQ
USN-1009-2	http://www.ubuntu.com/usn/USN-1009-2	UBUNTU
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	http://www.vmware.com/security/advisories/VMSA-2011-0012.html	CONFIRM
ADV-2011-0863	http://www.vupen.com/english/advisories/2011/0863	VUPEN	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=667974	https://bugzilla.redhat.com/show_bug.cgi?id=667974	CONFIRM	PATCH
https://launchpad.net/bugs/701783	https://launchpad.net/bugs/701783	CONFIRM
oval:org.mitre.oval:def:13086	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13086	OVAL