Lucene search
Gentoo FoundationGLSA-201011-01HistoryNov 15, 2010 - 12:00 a.m.
GNU C library: Multiple vulnerabilities
2010-11-1500:00:00
Gentoo Foundation
security.gentoo.org
40
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.094 Low
EPSS
Percentile
94.6%
Background
The GNU C library is the standard C library used by Gentoo Linux systems.
Description
Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below.
Impact
A local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All GNU C library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.11.2-r3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | sys-libs/glibc | < 2.11.2-r3 | UNKNOWN |
Related
nessus
nessus
GLSA-201011-01 : GNU C library: Multiple vulnerabilities
2010-11-16 00:00:00
Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilities
2010-06-11 00:00:00
openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)
2010-10-28 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201011-01 (glibc)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201011-01 (glibc)
2011-03-09 00:00:00
Debian Security Advisory DSA 2058-1 (glibc, eglibc)
2010-06-10 00:00:00
debian
debian
[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities
2010-06-10 08:13:46
[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities
2010-06-10 08:13:46
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
2010-10-22 17:05:33
osv
osv
glibc - several vulnerabilities
2010-06-10 00:00:00
glibc - privilege escalation
2010-10-22 00:00:00
glibc - local privilege escalation
2010-10-22 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: glibc-2.11.2-3
2010-10-30 23:47:35
[SECURITY] Fedora 13 Update: glibc-2.12.1-4
2010-10-28 22:19:55
[SECURITY] Fedora 14 Update: glibc-2.12.90-18
2010-10-28 22:21:37
oraclelinux
oraclelinux
glibc security and bug fix update
2011-02-10 00:00:00
glibc security update
2010-10-21 00:00:00
glibc security update
2010-10-25 00:00:00
redhat
redhat
(RHSA-2010:0872) Important: glibc security and bug fix update
2010-11-10 00:00:00
(RHSA-2010:0793) Important: glibc security update
2010-10-25 00:00:00
(RHSA-2010:0787) Important: glibc security update
2010-10-20 00:00:00
securityvulns
securityvulns
GNU C dynamic linker privilege escalation
2010-10-26 00:00:00
GNU glibc library security vulnerabilities
2010-05-27 00:00:00
packetstorm
packetstorm
GNU C Library Dynamic Linker Arbitrary DSO dlopen
2010-10-22 00:00:00
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2018-02-10 00:00:00
exploitpack
exploitpack
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
2010-10-22 00:00:00
glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation
2011-11-10 00:00:00
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
zdt
zdt
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit
2018-02-10 00:00:00
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit
2018-04-01 00:00:00
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit
2013-05-19 00:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2011-01-12 00:00:00
GNU C Library vulnerabilities
2010-10-22 00:00:00
GNU C Library vulnerabilities
2010-05-25 00:00:00
metasploit
metasploit
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2018-01-28 05:11:38
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-09 21:15:04
seebug
seebug
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
2014-07-01 00:00:00
glibc LD_AUDIT arbitrary DSO load Privilege Escalation
2014-07-01 00:00:00
exploitdb
exploitdb
glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit)
2018-02-12 00:00:00
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
2010-10-22 00:00:00
glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)
2018-02-12 00:00:00
vmware
vmware
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:54:45
Privilege Escalation
2020-04-10 00:55:25
Privilege Escalation
2020-04-10 00:49:52
slackware
slackware
[slackware-security] glibc
2010-10-22 21:19:24
[slackware-security] glibc
2010-10-29 04:49:56
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
centos
centos
glibc, nscd security update
2010-10-26 06:41:49
glibc, nscd security update
2010-10-21 09:47:03
glibc, nscd security update
2011-04-14 13:51:19
prion
prion
Memory corruption
2010-06-01 20:30:00
Directory traversal
2011-01-07 19:00:00
Design/Logic Flaw
2011-01-07 19:00:00
canvas
canvas
Immunity Canvas: CVE_2010_3847
2011-01-07 19:00:00
Immunity Canvas: CVE_2010_3856
2011-01-07 19:00:00
cert
cert
GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-25 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CVE_2010_3856
2011-01-07 19:00:00
suse
suse
local privilege escalation in glibc
2010-10-28 13:41:00
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.094 Low
EPSS
Percentile
94.6%
Related for GLSA-201011-01