Metric | Value |
---|---|
AI Score | 8.4 High |
Confidence | High |
CVSS2 | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.001 Low |
Percentile | 29.8% |

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson
discovered that the fixes were incomplete and introduced flaws with
setuid programs loading libraries that used dynamic string tokens in their
RPATH. If the “man” program was installed setuid, a local attacker could
exploit this to gain “man” user privileges, potentially leading to further
privilege escalations. Default Ubuntu installations were not affected.

Original advisory details:

Tavis Ormandy discovered multiple flaws in the GNU C Library’s handling
of the LD_AUDIT environment variable when running a privileged binary. A
local attacker could exploit this to gain root privileges. (CVE-2010-3847,
CVE-2010-3856)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | libc6 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-bin | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-dev-bin | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dbg | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev-i386 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-i386 | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-pic | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-prof | < 2.10.1-0ubuntu19 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-udeb | < 2.10.1-0ubuntu19 | UNKNOWN |