
CVE-2011-0536

Published: Apr 8, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

Vendor: n/a
Product: n/a
Versions: affected, n/a

References

46397 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2011:0412 (vendor-advisory, x_refsource_REDHAT)
ADV-2011-0863 (vdb-entry, x_refsource_VUPEN)
43989 (third-party-advisory, x_refsource_SECUNIA)
USN-1009-2 (vendor-advisory, x_refsource_UBUNTU)
1025289 (vdb-entry, x_refsource_SECTRACK)
DSA-2122-2 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2011:178 (vendor-advisory, x_refsource_MANDRIVA)
43830 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2011:0413 (vendor-advisory, x_refsource_REDHAT)
oval:org.mitre.oval:def:13086 (vdb-entry, signature, x_refsource_OVAL)
