PT-2008-6878 · Gnu+1 · Libc6+2
Dan Rosenberg · Published 1970-01-01 · Updated 2017-08-17 · CVE-2010-0830
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
glibc versions 2.0.1 through 2.11.1
glibc-2.3.4
libc6 versions prior to 2.11.2-r3
libc6-dev-i386
libc6-dev-sparc64
libc6-dev-mips64
libc6-dev-ppc64
libc6-dev-s390x
libc6-dev-mipsn32
libc6-dev-amd64
libc6
libc6-sparcv9b
libc6-mipsn32
libc6-udeb
libc6.1-dbg
libc6.1-dev
libc6.1-pic
libc6.1-udeb
libc6.1
libc6-amd64
libc6-i386
libc6-i686
libc6-mips64
libc6-ppc64
libc6-s390x
libc6-dbg
libc6-pic
libc6.1-alphaev67
glibc-profile-2.3.4
glibc-profile-64bit
glibc-headers-2.3.4
glibc-common-2.3.4
glibc-utils-2.3.4
glibc-devel-2.3.4
glibc-devel-64bit
glibc-dceext
glibc-dceext-32bit
glibc-locale-64bit
glibc-debuginfo
nptl-devel-2.3.4
nscd
libnss-dns-udeb
libnss-files-udeb
locales
locales-all
Description
The issue covers multiple vulnerabilities in the glibc library, which provides system calls and basic functions. These vulnerabilities can lead to a breach of the confidentiality, integrity, and availability of protected information. Exploitation can be performed remotely or locally, depending on the specific vulnerability and the system configuration. One of the vulnerabilities is an integer signedness error in the elf_get_dynamic_info function, which can allow a remote attacker to execute arbitrary code by means of a specially crafted ELF program containing a negative value for a certain d_tag structure member in the ELF header.
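The signedness error described above, reduced to the bounds check, as an added example (not glibc's own code). The dyn_entry type, the DT_NUM_DEMO table size, the function names and the sample entries are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DT_NUM_DEMO 34  /* constructed table size, an assumption for this demo */

/* Simplified stand-in for a 64-bit ELF dynamic entry: d_tag is signed. */
typedef struct { int64_t d_tag; uint64_t d_val; } dyn_entry;

/* Flawed pattern: a signed compare treats a negative tag as in range. */
static int accepts_signed(int64_t tag) { return tag < DT_NUM_DEMO; }

/* Hardened pattern: compared as unsigned, a negative tag becomes a huge
   value and fails the range check. */
static int accepts_unsigned(int64_t tag) { return (uint64_t)tag < DT_NUM_DEMO; }

/* Index entries by tag using the hardened check. Stops at tag 0 (DT_NULL)
   and returns how many entries were rejected as out of range. */
static size_t index_dynamic(const dyn_entry *dyn, size_t n,
                            const dyn_entry *info[DT_NUM_DEMO])
{
    size_t rejected = 0;
    for (size_t i = 0; i < DT_NUM_DEMO; i++)
        info[i] = NULL;
    for (size_t i = 0; i < n && dyn[i].d_tag != 0; i++) {
        if (accepts_unsigned(dyn[i].d_tag))
            info[dyn[i].d_tag] = &dyn[i];
        else
            rejected++;  /* negative or too large: never used as an index */
    }
    return rejected;
}

/* Constructed sample: two valid tags, one negative, one too large, DT_NULL. */
static const dyn_entry sample[] = {
    { 1, 0x10 }, { -5, 0x1234 }, { 5, 0x2000 }, { 1000, 0 }, { 0, 0 },
};

int main(void)
{
    const dyn_entry *info[DT_NUM_DEMO];
    printf("signed check admits -5: %d\n", accepts_signed(-5));
    printf("unsigned check admits -5: %d\n", accepts_unsigned(-5));
    printf("rejected entries: %zu\n", index_dynamic(sample, 5, info));
    return 0;
}
```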
Recommendations
As a temporary workaround, consider disabling the elf_get_dynamic_info function until a patch is available.
Restrict access to the vulnerable glibc library to minimize the risk of exploitation.
Avoid using the glibc library until the issue is resolved.
Update glibc to version 2.11.2-r3 or later.
Update libc6 to version 2.11.2-r3 or later.
For each affected version, apply the corresponding patch or update to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Red Hat
Glibc
Libc6