CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
glibc is vulnerable to privilege escalation. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd.
openwall.com/lists/oss-security/2011/03/07/10
openwall.com/lists/oss-security/2011/03/07/13
openwall.com/lists/oss-security/2011/03/07/7
openwall.com/lists/oss-security/2011/03/08/1
openwall.com/lists/oss-security/2011/03/08/10
openwall.com/lists/oss-security/2011/03/08/2
openwall.com/lists/oss-security/2011/03/08/3
openwall.com/lists/oss-security/2011/03/08/7
reverse.lostrealm.com/protect/ldd.html
www.catonmat.net/blog/ldd-arbitrary-code-execution/
www.redhat.com/support/errata/RHSA-2011-1526.html
access.redhat.com/errata/RHSA-2011:1526
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=531160
bugzilla.redhat.com/show_bug.cgi?id=682998
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/glibc.html#RHSA-2011-1526