CVE-2010-3856 : Detail

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 18105

Publication date : 2011-11-09 23h00 +00:00
Author : zx2c4
EDB Verified : Yes

Exploit Database EDB-ID : 44025

Publication date : 2018-02-11 23h00 +00:00
Author : Metasploit
EDB Verified : Yes

Exploit Database EDB-ID : 15304

Publication date : 2010-10-21 22h00 +00:00
Author : Tavis Ormandy
EDB Verified : Yes

Products Mentioned

Configuraton 0

Gnu>>Glibc >> Version To (including) 2.11.2

Gnu>>Glibc >> Version 1.00

Gnu>>Glibc >> Version 1.01

Gnu>>Glibc >> Version 1.02

Gnu>>Glibc >> Version 1.03

Gnu>>Glibc >> Version 1.04

Gnu>>Glibc >> Version 1.05

Gnu>>Glibc >> Version 1.06

Gnu>>Glibc >> Version 1.07

Gnu>>Glibc >> Version 1.08

Gnu>>Glibc >> Version 1.09

Gnu>>Glibc >> Version 1.09.1

Gnu>>Glibc >> Version 2.0

Gnu>>Glibc >> Version 2.0.1

Gnu>>Glibc >> Version 2.0.2

Gnu>>Glibc >> Version 2.0.3

Gnu>>Glibc >> Version 2.0.4

Gnu>>Glibc >> Version 2.0.5

Gnu>>Glibc >> Version 2.0.6

Gnu>>Glibc >> Version 2.1

Gnu>>Glibc >> Version 2.1.1

Gnu>>Glibc >> Version 2.1.1.6

Gnu>>Glibc >> Version 2.1.2

Gnu>>Glibc >> Version 2.1.3

Gnu>>Glibc >> Version 2.1.3.10

Gnu>>Glibc >> Version 2.1.9

Gnu>>Glibc >> Version 2.2

Gnu>>Glibc >> Version 2.2.1

Gnu>>Glibc >> Version 2.2.2

Gnu>>Glibc >> Version 2.2.3

Gnu>>Glibc >> Version 2.2.4

Gnu>>Glibc >> Version 2.2.5

Gnu>>Glibc >> Version 2.3

Gnu>>Glibc >> Version 2.3.1

Gnu>>Glibc >> Version 2.3.2

Gnu>>Glibc >> Version 2.3.3

Gnu>>Glibc >> Version 2.3.4

Gnu>>Glibc >> Version 2.3.5

Gnu>>Glibc >> Version 2.3.6

Gnu>>Glibc >> Version 2.3.10

Gnu>>Glibc >> Version 2.4

Gnu>>Glibc >> Version 2.5

Gnu>>Glibc >> Version 2.5.1

Gnu>>Glibc >> Version 2.6

Gnu>>Glibc >> Version 2.6.1

Gnu>>Glibc >> Version 2.7

Gnu>>Glibc >> Version 2.8

Gnu>>Glibc >> Version 2.9

Gnu>>Glibc >> Version 2.10

Gnu>>Glibc >> Version 2.10.1

Gnu>>Glibc >> Version 2.10.2

Gnu>>Glibc >> Version 2.11

Gnu>>Glibc >> Version 2.11.1

Gnu>>Glibc >> Version 2.12.0

Gnu>>Glibc >> Version 2.12.1

References