CVE-2010-3856
Public exploit
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-01-07
Updated
2023-07-20
CVE-2010-3847
Public exploit
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Max CVSS
6.9
EPSS Score
0.08%
Published
2011-01-07
Updated
2023-02-13
2 vulnerabilities found