CVSS2: 6.2 Medium
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
glibc is vulnerable to privilege escalation. It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker’s, it could execute arbitrary code with the privileges of the script.
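A defensive pattern for scripts that consume `locale` output, as an added example that is not from the advisory or from glibc: read the KEY=VALUE lines as data and allowlist the value instead of passing the output to shell evaluation. The helper names `is_safe_locale_name` and `get_locale_var` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and SAMPLE are constructed for illustration.

# Accept only characters found in ordinary locale names (en_US.UTF-8, sr_RS@latin).
is_safe_locale_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# get_locale_var NAME: read KEY=VALUE lines on stdin and print NAME's value.
# Returns 1 if NAME is absent, 2 if the value fails the allowlist.
get_locale_var() {
    want=$1
    while IFS= read -r line; do
        case "$line" in *=*) ;; *) continue ;; esac
        [ "${line%%=*}" = "$want" ] || continue
        value=${line#*=}
        # locale wraps implied values in double quotes; strip one pair.
        case "$value" in
            \"*\") value=${value#\"}; value=${value%\"} ;;
        esac
        # An empty value (variable not set) is passed through unchanged.
        [ -z "$value" ] || is_safe_locale_name "$value" || return 2
        printf '%s\n' "$value"
        return 0
    done
    return 1
}

# Constructed input: unescaped output with one hostile value.
SAMPLE='LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_MESSAGES=x;echo injected
LC_ALL='

for name in LANG LC_CTYPE LC_MESSAGES LC_ALL; do
    if v=$(printf '%s\n' "$SAMPLE" | get_locale_var "$name"); then
        printf '%s=%s\n' "$name" "$v"
    else
        printf '%s: rejected\n' "$name" >&2
    fi
done
```

In a real script, replace the `printf '%s\n' "$SAMPLE"` stage with the `locale` command itself; the parsing and allowlist stay the same.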
bugs.gentoo.org/show_bug.cgi?id=330923
openwall.com/lists/oss-security/2011/03/08/21
openwall.com/lists/oss-security/2011/03/08/22
openwall.com/lists/oss-security/2011/03/08/8
secunia.com/advisories/43830
secunia.com/advisories/43976
secunia.com/advisories/43989
secunia.com/advisories/46397
security.gentoo.org/glsa/glsa-201011-01.xml
securitytracker.com/id?1025286
sources.redhat.com/bugzilla/show_bug.cgi?id=11904
sourceware.org/bugzilla/show_bug.cgi?id=11904
sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259
www.mandriva.com/security/advisories?name=MDVSA-2011:178
www.redhat.com/support/errata/RHSA-2011-0412.html
www.redhat.com/support/errata/RHSA-2011-0413.html
www.securityfocus.com/archive/1/520102/100/0/threaded
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0863
access.redhat.com/errata/RHSA-2011:0412
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=625893
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272