Vulnerability details: VCID-gy9w-16kr-aaaf
Vulnerability ID VCID-gy9w-16kr-aaaf
Aliases CVE-2010-3847
Summary elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0787
rhas Important https://access.redhat.com/errata/RHSA-2010:0872
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
epss 0.03847 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
epss 0.04983 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
epss 0.05755 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
epss 0.07255 https://api.first.org/data/v1/epss?cve=CVE-2010-3847
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2010-3847
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3847.json
https://api.first.org/data/v1/epss?cve=CVE-2010-3847
https://bugzilla.redhat.com/show_bug.cgi?id=643306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/292
http://seclists.org/fulldisclosure/2010/Oct/294
http://secunia.com/advisories/42787
http://security.gentoo.org/glsa/glsa-201011-01.xml
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
https://rhn.redhat.com/errata/RHSA-2010-0787.html
http://support.avaya.com/css/P8/documents/100120941
https://www.exploit-db.com/exploits/44024/
https://www.exploit-db.com/exploits/44025/
http://www.debian.org/security/2010/dsa-2122
http://www.kb.cert.org/vuls/id/537223
http://www.mandriva.com/security/advisories?name=MDVSA-2010:207
http://www.redhat.com/support/errata/RHSA-2010-0872.html
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://www.securityfocus.com/bid/44154
http://www.ubuntu.com/usn/USN-1009-1
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
http://www.vupen.com/english/advisories/2011/0025
600667 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600667
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
CVE-2010-3847 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44024.rb
CVE-2010-3847 https://nvd.nist.gov/vuln/detail/CVE-2010-3847
CVE-2010-3847 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/add7ae8fa18f689ff7e41057bc5bd51fdc8eaa5e/modules/exploits/linux/local/glibc_origin_expansion_priv_esc.rb
CVE-2010-3856;CVE-2010-3847 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44025.rb
CVE-2010-3856;CVE-2010-3847 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/cb1b59545b1378be9e781787b028fee03d734f58/modules/exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.rb
CVE-2010-3856;OSVDB-68920;CVE-2010-3847 Exploit http://marc.info/?l=full-disclosure&m=128776663124692&w=2
CVE-2010-3856;OSVDB-68920;CVE-2010-3847 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/15304.txt
GLSA-201011-01 https://security.gentoo.org/glsa/201011-01
GLSA-201312-01 https://security.gentoo.org/glsa/201312-01
RHSA-2010:0787 https://access.redhat.com/errata/RHSA-2010:0787
RHSA-2010:0872 https://access.redhat.com/errata/RHSA-2010:0872
USN-1009-1 https://usn.ubuntu.com/1009-1/
Data source Exploit-DB
Date added Oct. 18, 2010
Description GNU C library dynamic linker - '$ORIGIN' Expansion
Ransomware campaign use Known
Source publication date Oct. 18, 2010
Exploit type local
Platform linux
Source update date Oct. 18, 2010
Data source Metasploit
Description This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc `ld.so` versions before 2.11.3, and 2.12.x before 2.12.2 do not properly restrict use of the `LD_AUDIT` environment variable when loading setuid executables, which allows control over the `$ORIGIN` library search path, resulting in execution of arbitrary shared objects. This module opens a file descriptor to the specified suid executable via a hard link, then replaces the hard link with a shared object before instructing the linker to execute the file descriptor, resulting in arbitrary code execution. The specified setuid binary must be readable and located on the same file system partition as the specified writable directory. This module has been tested successfully on: glibc 2.5 on CentOS 5.4 (x86_64); glibc 2.5 on CentOS 5.5 (x86_64); glibc 2.12 on Fedora 13 (i386); and glibc 2.5-49 on RHEL 5.5 (x86_64). Some versions of `ld.so`, such as the version shipped with Ubuntu 14, hit a failed assertion in `dl_open_worker`, causing exploitation to fail.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date Oct. 18, 2010
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/glibc_origin_expansion_priv_esc.rb
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-3847
Possible values for each metric:
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.39305
EPSS Score 0.00089
Published At Nov. 1, 2024, midnight