CVE-2010-3856

CVE-2010-3856

4 years ago

source link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Recommend

CVE-2010-3856

CVE-2010-3856

Recommend

Stephen's project ideas

Java is not type-safe

"Fast, secure, safe: the web that can still be" by Chris Morgan

"Type Systems - The Good, Bad and Ugly" by Paul Snively and Amanda Lau...

db(1) - Unix First Edition Manual Page

Inferring data polymorphism in systems code

Fundamental Concepts in Programming Languages

Legal Copyright

Twitter. It’s what’s happening / Twitter

stephenrkell

About Joyk