CVE-2011-0536

CVE Details

Release Date:	2011-04-08
Impact:	Important	What is this?

Description

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

See more information about CVE-2011-0536 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	6.9
Vector String:	AV:L/AC:M/Au:N/C:C/I:C/A:C
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Medium
Authentication:	None
Confidentiality Impact:	Complete
Integrity Impact:	Complete
Availability Impact:	Complete

Errata information

Platform

Errata

Release Date