openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)

High Nessus Plugin ID 50373


The remote openSUSE host is missing a security update.


This update of glibc fixes various bugs and security issues :

CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless.

CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges.

CVE-2010-0830: Integer overflow causing arbitrary code execution in

--verify mode could be induced by a specially crafted binary.

CVE-2010-0296: The addmntent() function would not escape the newline character properly, allowing the user to insert arbitrary newlines to the /etc/mtab; if the addmntent() is run by a setuid mount binary that does not do extra input checking, this would allow custom entries to be inserted in /etc/mtab.

CVE-2008-1391: The strfmon() function contains an integer overflow vulnerability in width specifiers handling that could be triggered by an attacker that can control the format string passed to strfmon().


Update the affected glibc packages.

See Also

Plugin Details

Severity: High

ID: 50373

File Name: suse_11_2_glibc-101027.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2010/10/28

Modified: 2018/02/12

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:glibc, p-cpe:/a:novell:opensuse:glibc-32bit, p-cpe:/a:novell:opensuse:glibc-devel, p-cpe:/a:novell:opensuse:glibc-devel-32bit, p-cpe:/a:novell:opensuse:glibc-html, p-cpe:/a:novell:opensuse:glibc-i18ndata, p-cpe:/a:novell:opensuse:glibc-info, p-cpe:/a:novell:opensuse:glibc-locale, p-cpe:/a:novell:opensuse:glibc-locale-32bit, p-cpe:/a:novell:opensuse:glibc-obsolete, p-cpe:/a:novell:opensuse:glibc-profile, p-cpe:/a:novell:opensuse:glibc-profile-32bit, p-cpe:/a:novell:opensuse:nscd, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/10/27

Exploitable With


Core Impact

Metasploit (glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation)

Reference Information

CVE: CVE-2008-1391, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856

CWE: 189