Vulnerability Details : CVE-2011-1658
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.
Products affected by CVE-2011-1658
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1658
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1658
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.7
|
LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P |
1.9
|
6.4
|
NIST |
CWE ids for CVE-2011-1658
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1658
-
http://sourceware.org/bugzilla/show_bug.cgi?id=12393
12393 – (CVE-2011-1658) ld.so: insecure handling of privileged programs' RPATHs with $ORIGIN (CVE-2011-1658)Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=667974
667974 – (CVE-2011-0536) CVE-2011-0536 glibc: CVE-2010-3847 fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATHPatch
-
http://secunia.com/advisories/46397
Sign in
-
http://www.securityfocus.com/archive/1/520102/100/0/threaded
SecurityFocus
-
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
VMSA-2011-0012.3
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66820
GNU C Library ld.so privilege escalation CVE-2011-1658 Vulnerability Report
Jump to