Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glibc | Gnu | 2.5-49.el5_5.6 (including) | 2.5-49.el5_5.6 (including) |
| Glibc | Gnu | 2.12-1.7.el6_0.3 (including) | 2.12-1.7.el6_0.3 (including) |
| Red Hat Enterprise Linux 5 | RedHat | glibc-0:2.5-58.el5_6.2 | * |
| Red Hat Enterprise Linux 6 | RedHat | glibc-0:2.12-1.7.el6_0.5 | * |
| Eglibc | Ubuntu | karmic | * |
| Eglibc | Ubuntu | lucid | * |
| Eglibc | Ubuntu | maverick | * |
| Glibc | Ubuntu | hardy | * |