Main Vulnerability Database Exploits ID:4406 - Exploit for Link following in Glibc - CVE-2010-3847

ID:4406 - Exploit for Link following in Glibc - CVE-2010-3847

Published: August 11, 2020

Vulnerability identifier: #VU45488

Vulnerability risk: High

CVE-ID: CVE-2010-3847

CWE-ID: CWE-59

Exploitation vector: Remote access

Vulnerable software:
Glibc

Link to public exploit:

https://www.exploit-db.com/exploits/15304/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Remediation

Install update from vendor's website.

ID:4406 - Exploit for Link following in Glibc - CVE-2010-3847

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human