Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.2
CVE Id CVE-2011-1095
Last Modified 26 Jan 2012 10:58:39
Published 09 Apr 2011 10:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2011-1095

Summary

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

Vulnerable Systems

Application

  • Gnu Glibc 1.00

  • Gnu Glibc 1.01

  • Gnu Glibc 1.02

  • Gnu Glibc 1.03

  • Gnu Glibc 1.04

  • Gnu Glibc 1.05

  • Gnu Glibc 1.06

  • Gnu Glibc 1.07

  • Gnu Glibc 1.08

  • Gnu Glibc 1.09

  • Gnu Glibc 1.09.1

  • Gnu Glibc 2.0

  • Gnu Glibc 2.0.1

  • Gnu Glibc 2.0.2

  • Gnu Glibc 2.0.3

  • Gnu Glibc 2.0.4

  • Gnu Glibc 2.0.5

  • Gnu Glibc 2.0.6

  • Gnu Glibc 2.1

  • Gnu Glibc 2.1.1

  • Gnu Glibc 2.1.1.6

  • Gnu Glibc 2.1.2

  • Gnu Glibc 2.1.3

  • Gnu Glibc 2.1.3.10

  • Gnu Glibc 2.1.9

  • Gnu Glibc 2.10

  • Gnu Glibc 2.10.1

  • Gnu Glibc 2.10.2

  • Gnu Glibc 2.11

  • Gnu Glibc 2.11.1

  • Gnu Glibc 2.11.2

  • Gnu Glibc 2.11.3

  • Gnu Glibc 2.12.0

  • Gnu Glibc 2.12.1

  • Gnu Glibc 2.12.2

  • Gnu Glibc 2.2

  • Gnu Glibc 2.2.1

  • Gnu Glibc 2.2.2

  • Gnu Glibc 2.2.3

  • Gnu Glibc 2.2.4

  • Gnu Glibc 2.2.5

  • Gnu Glibc 2.3

  • Gnu Glibc 2.3.1

  • Gnu Glibc 2.3.10

  • Gnu Glibc 2.3.2

  • Gnu Glibc 2.3.3

  • Gnu Glibc 2.3.4

  • Gnu Glibc 2.3.5

  • Gnu Glibc 2.3.6

  • Gnu Glibc 2.4

  • Gnu Glibc 2.5

  • Gnu Glibc 2.5.1

  • Gnu Glibc 2.6

  • Gnu Glibc 2.6.1

  • Gnu Glibc 2.7

  • Gnu Glibc 2.8

  • Gnu Glibc 2.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=625893

CONFIRM - http://sourceware.org/git/?p=glibc.git;a=patch;h=026373745eab50a683536d950cb7e17dc98c4259

MLIST - [oss-security] 20110308 glibc locale escaping issue

MLIST - [oss-security] 20110308 Re: glibc locale escaping issue

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=330923

VUPEN - ADV-2011-0863

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

BUGTRAQ - 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

REDHAT - RHSA-2011:0413

REDHAT - RHSA-2011:0412

CONFIRM - http://sourceware.org/bugzilla/show_bug.cgi?id=11904

CONFIRM - http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904

SECTRACK - 1025286

GENTOO - GLSA-201011-01

SECUNIA - 46397

SECUNIA - 43989

SECUNIA - 43976

SECUNIA - 43830

MANDRIVA - MDVSA-2011:178

Related Patches

Red Hat 2012:0125-01 RHSA Moderate: glibc security and bug fix update for RHEL 4 x86

Red Hat 2012:0125-01 RHSA Moderate: glibc security and bug fix update for RHEL 4 x86_64


Last Updated: 27 May 2016 10:58:04