Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386323 (CVE-2011-0536) - <sys-libs/glibc-2.14.1-r3: Privilege escalation (CVE-2011-0536)
Summary: <sys-libs/glibc-2.14.1-r3: Privilege escalation (CVE-2011-0536)
Status: RESOLVED FIXED
Alias: CVE-2011-0536
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 14:26 UTC by GLSAMaker/CVETool Bot
Modified: 2013-12-03 04:14 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:26:33 UTC
CVE-2011-0536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0536):
  Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain
  modified versions of the GNU C Library (aka glibc or libc6), including
  glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux,
  allow local users to gain privileges via a crafted dynamic shared object
  (DSO) in a subdirectory of the current working directory during execution of
  a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b)
  RUNPATH within the program itself or a referenced library. NOTE: this issue
  exists because of an incorrect fix for CVE-2010-3847.


Maintainers, could you please check if Gentoo's glibc is affected by this?
Comment 1 SpanKY gentoo-dev 2012-04-13 23:51:28 UTC
pretty sure this is fixed in glibc-2.14
Comment 3 Mark Loeser (RETIRED) gentoo-dev 2013-02-22 23:24:07 UTC
toolchain done.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-12-03 04:14:26 UTC
This issue was resolved and addressed in
 GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml
by GLSA coordinator Chris Reffett (creffett).