Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-0536

Disclosure Date: April 08, 2011
CVE-2011-0536
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2011-0536 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536)
Advisory
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (http://www.securityfocus.com/archive/1/520102/100/0/threaded)
SECUNIA-46397 (http://secunia.com/advisories/46397)
http://www.redhat.com/support/errata/RHSA-2011-0412.html
ADV-2011-0863 (http://www.vupen.com/english/advisories/2011/0863)
[oss-security] 20110203 Re: CVE request: glibc CVE-2010-3847 fix regression (http://openwall.com/lists/oss-security/2011/02/03/2)
https://bugzilla.redhat.com/show_bug.cgi?id=667974
SECUNIA-43989 (http://secunia.com/advisories/43989)
USN-1009-2 (http://www.ubuntu.com/usn/USN-1009-2)
SECTRACK-1025289 (http://securitytracker.com/id?1025289)
DSA-2122-2 (http://lists.debian.org/debian-security-announce/2011/msg00005.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
SECUNIA-43830 (http://secunia.com/advisories/43830)
http://www.redhat.com/support/errata/RHSA-2011-0413.html
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13086
https://launchpad.net/bugs/701783
http://sourceware.org/git?p=glibc.git;a=commit;h=96611391ad8823ba58405325d78cefeae5cdf699
[oss-security] 20110203 CVE request: glibc CVE-2010-3847 fix regression (http://openwall.com/lists/oss-security/2011/02/01/3)
Miscellaneous
https://access.redhat.com/errata/RHSA-2011:0412
https://access.redhat.com/errata/RHSA-2011:0413
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=96611391ad8823ba58405325d78cefeae5cdf699
https://access.redhat.com/security/cve/CVE-2011-0536

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis