ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the
$ORIGIN dynamic string token when RPATH is composed entirely of this token,
which might allow local users to gain privileges by creating a hard link in
an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH
value, and then executing the program with a crafted value for the
LD_PRELOAD environment variable, a different vulnerability than
CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard
operating-system distribution would ship an applicable setuid or setgid
With regard to the $ORIGIN debate from a while ago, I'd rather ask despite the "NOTE": Is Gentoo affected by this? Please not that this is apparently not the same issue.
should be addressed in glibc-2.14.1+
This issue was resolved and addressed in
GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml
by GLSA coordinator Chris Reffett (creffett).