Permissions, Privileges, and Access Controls in Glibc - CVE-2011-1658

 


Published: April 8, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45142
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1658
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GNU
Affected software: Glibc

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.
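
The following audit check is an added example, not part of the original advisory or of glibc. It walks a directory tree and reports setuid or setgid files whose RPATH is composed entirely of `$ORIGIN` (the condition described above), and also, as a broader review item, RPATH or RUNPATH values that merely contain the token. It assumes `readelf` from binutils is installed; the function names and the sample `readelf -d` output are constructed for illustration.

```python
import os
import re
import stat
import subprocess
import sys

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")
ORIGIN_TOKENS = ("$ORIGIN", "${ORIGIN}")

def origin_findings(readelf_output):
    """Return (tag, value, verdict) for each search path that uses $ORIGIN."""
    findings = []
    for tag, value in DYN_RE.findall(readelf_output):
        if value in ORIGIN_TOKENS:
            findings.append((tag, value, "entirely-origin"))  # condition in the advisory
        elif any(tok in value for tok in ORIGIN_TOKENS):
            findings.append((tag, value, "contains-origin"))  # broader review item
    return findings

def is_privileged(mode):
    """True for a regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def audit(root):
    """Walk root; yield (path, findings) for setuid/setgid files using $ORIGIN."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not is_privileged(os.lstat(path).st_mode):
                    continue
                out = subprocess.run(["readelf", "-d", path], capture_output=True, text=True).stdout
            except OSError:
                continue  # file vanished, or readelf is not installed
            found = origin_findings(out)
            if found:
                yield path, found

# Constructed sample of `readelf -d` output, for illustration only.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN]
 0x000000000000001d (RUNPATH)            Library runpath: [/opt/app/lib:$ORIGIN/../lib]
"""

if __name__ == "__main__":
    for path, found in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(path, found)
```

An empty result for the scanned tree matches the advisory's note that standard distributions are not expected to ship an applicable program.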


How to mitigate CVE-2011-1658

Install the update from the vendor's website.
