Untrusted Search Path Vulnerabilities in GNU C Library Affecting Red Hat Enterprise Linux
CVE-2011-0536
Currently unrated
Summary
Certain modified versions of the GNU C Library exhibit multiple vulnerabilities related to untrusted search paths. These flaws may permit local users to escalate privileges by executing crafted dynamic shared objects (DSOs) located in a subdirectory of the current working directory when launching a setuid or setgid program that includes $ORIGIN in its RPATH or RUNPATH. This issue arises from an improper fix of a previous vulnerability, showcasing the intricate risks involved when managing shared libraries in Linux operating systems.
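An audit for the condition the summary describes, as an added example that is not part of the advisory: it reports setuid or setgid files whose RPATH or RUNPATH contains $ORIGIN. It assumes binutils `readelf` is installed; the function names are hypothetical and the sample `readelf -d` output is constructed.

```python
import os
import re
import stat
import subprocess
import sys

# Matches the RPATH / RUNPATH rows printed by `readelf -d`.
DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")
# The dynamic linker accepts both $ORIGIN and ${ORIGIN}.
ORIGIN = re.compile(r"\$(?:ORIGIN\b|\{ORIGIN\})")

def origin_entries(readelf_output):
    """Return (tag, directory) pairs whose search directory uses $ORIGIN."""
    hits = []
    for tag, paths in DYN_PATH.findall(readelf_output):
        for directory in paths.split(":"):
            if ORIGIN.search(directory):
                hits.append((tag, directory))
    return hits

def is_privileged(mode):
    """True for a regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def audit(path):
    """Findings for one file on disk; empty list when it does not match."""
    if not is_privileged(os.lstat(path).st_mode):
        return []
    result = subprocess.run(["readelf", "-d", path],
                            capture_output=True, text=True)
    return origin_entries(result.stdout)  # empty stdout for non-ELF files

# Constructed sample of `readelf -d` output, not taken from a real binary.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/opt/app/lib:$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)            Library runpath: [${ORIGIN}/plugins]
"""

if __name__ == "__main__":
    # Usage: pass candidate file paths as arguments.
    for p in sys.argv[1:]:
        for tag, directory in audit(p):
            print(f"{p}: setuid/setgid with {tag} entry {directory}")
```
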
References
Timeline
Vulnerability published
Vulnerability Reserved