CVE-2011-0536

2011-04-0800:00:00

ubuntu.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that has
$ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a
referenced library. NOTE: this issue exists because of an incorrect fix for
CVE-2010-3847.

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarcheglibc< 2.10.1-0ubuntu19UNKNOWN
ubuntu10.04noarcheglibc< 2.11.1-0ubuntu7.7UNKNOWN
ubuntu10.10noarcheglibc< 2.12.1-0ubuntu10.1UNKNOWN
ubuntu8.04noarchglibc< 2.7-10ubuntu8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	eglibc	< 2.10.1-0ubuntu19	UNKNOWN
ubuntu	10.04	noarch	eglibc	< 2.11.1-0ubuntu7.7	UNKNOWN
ubuntu	10.10	noarch	eglibc	< 2.12.1-0ubuntu10.1	UNKNOWN
ubuntu	8.04	noarch	glibc	< 2.7-10ubuntu8	UNKNOWN