QwikSec

Security Database

CVE

CWE

Training

CVE-2019-1010023

Published: Jul 15, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Vendor	Product	Versions
GNU Libc	glibc	affected `current (At least as of 2018-02-16)`

References

https://sourceware.org/bugzilla/show_bug.cgi?id=22851

x_refsource_MISC

vdb-entry

x_refsource_BID

https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

CVE-2019-1010023

vendor-advisory

x_refsource_DEBIAN

CVE-2019-1010023

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.