CVE-2011-1095
Priority
Low
Description
locale/programs/locale.c in locale in the GNU C Library (aka glibc or
libc6) before 2.13 does not quote its output, which might allow local users
to gain privileges via a crafted localization environment variable, in
conjunction with a program that executes a script that uses the eval
function.
libc6) before 2.13 does not quote its output, which might allow local users
to gain privileges via a crafted localization environment variable, in
conjunction with a program that executes a script that uses the eval
function.
References
Bugs
Assigned-to
sbeattie
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.7-10ubuntu8.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
Patches:
| Upstream: | http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259 |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.11.1-0ubuntu7.10) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (2.13-0ubuntu13) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (2.13-0ubuntu13) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2.13-0ubuntu13) |