Search for vulnerabilities
| Vulnerability ID | VCID-39ue-dyfk-duen |
| Aliases |
CVE-2010-3856
|
| Summary | |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.1 |
| Risk | 0.2 |
| Affected and Fixed Packages | Package Details |
| CWE-426 | Untrusted Search Path |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3856.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2010-3856 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 | ||
| 600667 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600667 | |
| 645672 | https://bugzilla.redhat.com/show_bug.cgi?id=645672 | |
| CVE-2010-3856;OSVDB-68920 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/18105.sh |
| RHSA-2010:0793 | https://access.redhat.com/errata/RHSA-2010:0793 | |
| RHSA-2010:0872 | https://access.redhat.com/errata/RHSA-2010:0872 | |
| USN-1009-1 | https://usn.ubuntu.com/1009-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | Oct. 22, 2010 |
| Description | GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation |
| Ransomware campaign use | Known |
| Source publication date | Oct. 22, 2010 |
| Exploit type | local |
| Platform | linux |
| Source update date | Oct. 22, 2010 |
| Source URL | http://marc.info/?l=full-disclosure&m=128776663124692&w=2 |
| Data source | Metasploit |
|---|---|
| Description | This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation. |
| Note | Stability: - crash-safe Reliability: - repeatable-session SideEffects: - artifacts-on-disk |
| Ransomware campaign use | Unknown |
| Source publication date | Oct. 18, 2010 |
| Platform | Linux |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.rb |
| Percentile | 0.90208 |
| EPSS Score | 0.05862 |
| Published At | Sept. 16, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:38:32.974596+00:00 | Ubuntu USN Importer | Import | https://usn.ubuntu.com/1009-1/ | 37.0.0 |