6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
29.8%
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
Debian | 11 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
Debian | 10 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
Debian | 999 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |
Debian | 13 | all | glibc | < 2.11.2-8 | glibc_2.11.2-8_all.deb |