Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-3847

Published: 22 October 2010

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Notes

AuthorNote
kees
$ORIGIN expansion was not possible on Ubuntu due to lack of NDEBUG during build.

Priority

Negligible

Status

Package Release Status
glibc
Launchpad, Ubuntu, Debian
upstream Needs triage

dapper Not vulnerable

hardy
Released (2.7-10ubuntu7)
jaunty
Released (2.9-4ubuntu6.3)
karmic Does not exist

lucid Does not exist

maverick Does not exist

eglibc
Launchpad, Ubuntu, Debian
upstream Needs triage

dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic
Released (2.10.1-0ubuntu18)
lucid
Released (2.11.1-0ubuntu7.5)
maverick
Released (2.12.1-0ubuntu8)