3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands
the $ORIGIN dynamic string token when RPATH is composed entirely of this
token, which might allow local users to gain privileges by creating a hard
link in an arbitrary directory to a (1) setuid or (2) setgid program with
this RPATH value, and then executing the program with a crafted value for
the LD_PRELOAD environment variable, a different vulnerability than
CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any
standard operating-system distribution would ship an applicable setuid or
setgid program.
Author | Note |
---|---|
sbeattie | there may be reggressions introduced by the 3 commits below that are addressed by the following commits. http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=47c3cd7a74e8c089d60d603afce6d9cf661178d6;hp=d08055417d0187875806161fab8c4777adfb7ba8 http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=22836f52e3e4740e450f9b93a2f1e31a90b168a6;hp=7b3b0b2a63f7e980adb630550c0dc9639ec09d7f |