Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0536Untrusted Search Path in Glibc

CWE-426Untrusted Search Path8 documents7 sources
Severity
6.9MEDIUMNVD
EPSS
0.3%
top 48.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Glibc
Timeline
PublishedApr 8
Latest updateMay 14

Description

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced lib

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDgnu/glibc2.12-1.7.el6_0.3, 2.5-49.el5_5.6+1

Patches

Patch: openwall.comPatch: openwall.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-3hm4-67xr-p92g: Multiple untrusted search path vulnerabilities in elf/dl-object2022-05-14
CVEList
CVE-2011-0536: Multiple untrusted search path vulnerabilities in elf/dl-object2011-04-08

💥Exploits & PoCs

1
Exploit-DB
GNU C library dynamic linker - '$ORIGIN' Expansion2010-10-18

📋Vendor Advisories

3
Red Hat
glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN2011-01-12
Red Hat
glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH2011-01-11
Debian
CVE-2011-0536: glibc - Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain mod...2011

💬Community

1
Bugzilla
CVE-2011-0536 glibc: CVE-2010-3847 fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH2011-01-07
CVE-2011-0536 — Untrusted Search Path in GNU Glibc | cvebase