6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
29.5%
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)
Red Hat would like to thank Tavis Ormandy for reporting this issue.
All users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | glibc | < 2.5-49.el5_5.6 | glibc-2.5-49.el5_5.6.i386.rpm |
RedHat | 5 | ppc64 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.ppc64.rpm |
RedHat | 5 | x86_64 | glibc-common | < 2.5-49.el5_5.6 | glibc-common-2.5-49.el5_5.6.x86_64.rpm |
RedHat | 5 | s390 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.s390.rpm |
RedHat | 5 | i386 | glibc-headers | < 2.5-49.el5_5.6 | glibc-headers-2.5-49.el5_5.6.i386.rpm |
RedHat | 5 | ia64 | glibc-devel | < 2.5-49.el5_5.6 | glibc-devel-2.5-49.el5_5.6.ia64.rpm |
RedHat | 5 | ia64 | nscd | < 2.5-49.el5_5.6 | nscd-2.5-49.el5_5.6.ia64.rpm |
RedHat | 5 | ppc | glibc-utils | < 2.5-49.el5_5.6 | glibc-utils-2.5-49.el5_5.6.ppc.rpm |
RedHat | 5 | x86_64 | nscd | < 2.5-49.el5_5.6 | nscd-2.5-49.el5_5.6.x86_64.rpm |
RedHat | 5 | i686 | glibc | < 2.5-49.el5_5.6 | glibc-2.5-49.el5_5.6.i686.rpm |