CVE-2010-0830

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

References

http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

http://frugalware.org/security/662

http://secunia.com/advisories/39900

http://security.gentoo.org/glsa/glsa-201011-01.xml

http://securitytracker.com/id?1024044

http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5

http://www.debian.org/security/2010/dsa-2058

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

http://www.securityfocus.com/bid/40063

http://www.ubuntu.com/usn/USN-944-1

http://www.vupen.com/english/advisories/2010/1246

https://exchange.xforce.ibmcloud.com/vulnerabilities/58915

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Details

Source: MITRE

Published: 2010-06-01

Updated: 2017-08-17

Type: CWE-189

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
89038VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)NessusMisc.
high
81118OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)NessusOracleVM Local Security Checks
high
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
70886ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)NessusMisc.
medium
70885ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)NessusMisc.
high
68456Oracle Linux 5 : glibc (ELSA-2012-0126)NessusOracle Linux Local Security Checks
medium
68455Oracle Linux 4 : glibc (ELSA-2012-0125)NessusOracle Linux Local Security Checks
high
63332VMSA-2012-0018 : VMware security updates for vCSA and ESXiNessusVMware ESX Local Security Checks
high
61747VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party librariesNessusVMware ESX Local Security Checks
critical
61244Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)NessusScientific Linux Local Security Checks
medium
61243Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)NessusScientific Linux Local Security Checks
high
57929RHEL 5 : glibc (RHSA-2012:0126)NessusRed Hat Local Security Checks
medium
57928RHEL 4 : glibc (RHSA-2012:0125)NessusRed Hat Local Security Checks
high
57924CentOS 5 : glibc (CESA-2012:0126)NessusCentOS Local Security Checks
medium
57923CentOS 4 : glibc (CESA-2012:0125)NessusCentOS Local Security Checks
high
57105SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)NessusSuSE Local Security Checks
high
51601SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)NessusSuSE Local Security Checks
high
50912SuSE 11 / 11.1 Security Update : glibc (SAT Patch Numbers 3392 / 3393)NessusSuSE Local Security Checks
high
50605GLSA-201011-01 : GNU C library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50377SuSE 10 Security Update : glibc (ZYPP Patch Number 7201)NessusSuSE Local Security Checks
high
50373openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)NessusSuSE Local Security Checks
high
50367openSUSE Security Update : glibc (openSUSE-SU-2010:0914-1)NessusSuSE Local Security Checks
high
49758SuSE9 Security Update : glibc (YOU Patch Number 12641)NessusSuSE Local Security Checks
high
48185Mandriva Linux Security Advisory : glibc (MDVSA-2010:112)NessusMandriva Local Security Checks
high
46861Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilitiesNessusDebian Local Security Checks
high
46849Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)NessusMandriva Local Security Checks
high
46731Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : glibc, eglibc vulnerabilities (USN-944-1)NessusUbuntu Local Security Checks
high