Metric | Value |
---|---|
AI Score | 7.6 High |
Confidence | High |
CVSS2 | 6.9 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
Percentile | 9.3% |

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glibc | < 2.10.1-7 | glibc_2.10.1-7_all.deb |
Debian | 11 | all | glibc | < 2.10.1-7 | glibc_2.10.1-7_all.deb |
Debian | 10 | all | glibc | < 2.10.1-7 | glibc_2.10.1-7_all.deb |
Debian | 999 | all | glibc | < 2.10.1-7 | glibc_2.10.1-7_all.deb |
Debian | 13 | all | glibc | < 2.10.1-7 | glibc_2.10.1-7_all.deb |