Vulnerability identifier: #VU45142

Vulnerability risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1658

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Glibc: 1.00 - 2.12.2

---

External links
http://secunia.com/advisories/46397
http://sourceware.org/bugzilla/show_bug.cgi?id=12393
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://bugzilla.redhat.com/show_bug.cgi?id=667974
http://exchange.xforce.ibmcloud.com/vulnerabilities/66820

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.