PT-2010-5675 · Gnu+1 · Glibc+1
Tavis Ormandy · Published 1970-01-01 · Updated 2023-07-20 · CVE-2010-3856
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
glibc versions prior to 2.11.3
glibc versions 2.12.x prior to 2.12.2
Description
The issue is related to the improper restriction of the use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects. This allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory. Exploitation of this issue can lead to a violation of the confidentiality, integrity, and availability of protected information. Exploitation can be performed locally or remotely.
Recommendations
For glibc versions prior to 2.11.3, update to version 2.11.3 or later.
For glibc versions 2.12.x prior to 2.12.2, update to version 2.12.2 or later.
As a temporary workaround, consider restricting the use of the LD_AUDIT environment variable to prevent referencing dynamic shared objects as audit objects.
Affected Products
Red Hat
Glibc