CVE-2011-1658 (retired)

Priority
Description
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands
the $ORIGIN dynamic string token when RPATH is composed entirely of this
token, which might allow local users to gain privileges by creating a hard
link in an arbitrary directory to a (1) setuid or (2) setgid program with
this RPATH value, and then executing the program with a crafted value for
the LD_PRELOAD environment variable, a different vulnerability than
CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any
standard operating-system distribution would ship an applicable setuid or
setgid program.
Notes
 sbeattie> there *may* be reggressions introduced by the 3 commits
below that are addressed by the following commits.
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=47c3cd7a74e8c089d60d603afce6d9cf661178d6;hp=d08055417d0187875806161fab8c4777adfb7ba8
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=22836f52e3e4740e450f9b93a2f1e31a90b168a6;hp=7b3b0b2a63f7e980adb630550c0dc9639ec09d7f
Assigned-to
sbeattie
More Information

Updated: 2019-09-19 15:36:25 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)