CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.001 Low (percentile 29.5%)
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.
It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)
It was discovered that the glibc dynamic linker/loader did not perform
sufficient safety checks when loading dynamic shared objects (DSOs) to
provide callbacks for its auditing API during the execution of privileged
programs. A local attacker could use this flaw to escalate their privileges
via a carefully chosen system DSO library containing unsafe constructors.
(CVE-2010-3856)
Red Hat would like to thank Tavis Ormandy for reporting the CVE-2010-3847
issue, and Ben Hawkes and Tavis Ormandy for reporting the CVE-2010-3856
issue.
This update also fixes the following bugs:
Previously, the generic implementation of the strstr() and memmem()
functions did not handle certain periodic patterns correctly and could find
a false positive match. This error has been fixed, and both functions now
work as expected. (BZ#643341)
The “TCB_ALIGNMENT” value has been increased to 32 bytes to prevent
applications from crashing during symbol resolution on 64-bit systems with
support for Intel AVX vector registers. (BZ#643343)
All users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | glibc | < 2.12-1.7.el6_0.3 | glibc-2.12-1.7.el6_0.3.src.rpm |
RedHat | 6 | i686 | glibc-utils | < 2.12-1.7.el6_0.3 | glibc-utils-2.12-1.7.el6_0.3.i686.rpm |
RedHat | 6 | i686 | glibc-common | < 2.12-1.7.el6_0.3 | glibc-common-2.12-1.7.el6_0.3.i686.rpm |
RedHat | 6 | i686 | glibc-headers | < 2.12-1.7.el6_0.3 | glibc-headers-2.12-1.7.el6_0.3.i686.rpm |
RedHat | 6 | s390x | glibc-static | < 2.12-1.7.el6_0.3 | glibc-static-2.12-1.7.el6_0.3.s390x.rpm |
RedHat | 6 | x86_64 | glibc-debuginfo | < 2.12-1.7.el6_0.3 | glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm |
RedHat | 6 | i686 | glibc-debuginfo | < 2.12-1.7.el6_0.3 | glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm |
RedHat | 6 | s390 | glibc | < 2.12-1.7.el6_0.3 | glibc-2.12-1.7.el6_0.3.s390.rpm |
RedHat | 6 | x86_64 | glibc | < 2.12-1.7.el6_0.3 | glibc-2.12-1.7.el6_0.3.x86_64.rpm |
RedHat | 6 | s390x | glibc-devel | < 2.12-1.7.el6_0.3 | glibc-devel-2.12-1.7.el6_0.3.s390x.rpm |
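A practitioner checking whether a RHEL 6 host still carries an affected glibc needs an RPM-aware version comparison, since "1.7.el6_0.10" is newer than "1.7.el6_0.3" even though it sorts lower as a string. The following is an added example, not code from the advisory or from Red Hat: it implements rpm's rpmvercmp segment rules (tilde and caret handling omitted, epoch assumed 0) and compares a constructed set of installed version-release strings against the fixed version from the table above; `FIXED_VR`, `rpmvercmp`, `evr_cmp` and `is_vulnerable` are names chosen here.

```python
import re

# Fixed glibc version-release from the advisory's package table (RHEL 6 builds).
FIXED_VR = "2.12-1.7.el6_0.3"

# rpm splits version strings into runs of digits or letters; separators are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings the way rpm's rpmvercmp does.
    Returns 1 if a is newer, -1 if a is older, 0 if equal (tilde/caret not handled)."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1            # a numeric segment beats an alphabetic one
        if x_num:
            x, y = x.lstrip("0"), y.lstrip("0")  # compare numerically, not lexically
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1        # leftover segments mean "newer"

def split_vr(vr: str):
    """Split 'version-release' at the last dash; the release never contains a dash."""
    version, _, release = vr.rpartition("-")
    return version, release

def evr_cmp(a: str, b: str) -> int:
    """Compare two version-release strings: version first, then release (epoch assumed 0)."""
    va, ra = split_vr(a)
    vb, rb = split_vr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_vulnerable(installed_vr: str, fixed_vr: str = FIXED_VR) -> bool:
    """True if an installed RHEL 6 glibc version-release is older than the fixed one."""
    return evr_cmp(installed_vr, fixed_vr) < 0

if __name__ == "__main__":
    # Constructed sample inputs, in the form rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc prints.
    for vr in ("2.12-1.7.el6", "2.12-1.7.el6_0.3", "2.12-1.7.el6_0.10", "2.12-1.25.el6"):
        print(vr, "affected" if is_vulnerable(vr) else "fixed")
```

The comparison is only meaningful for the RHEL 6 packages listed in the table; a glibc from another product line with a lower version number is not covered by this advisory.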