CVE-2010-3856
EPSS 8.9%
Description
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
How to fix CVE-2010-3856
To remediate CVE-2010-3856, upgrade the affected package to a fixed version below.
- Debian/glibc—upgrade to 2.11.2-8 or later
Is CVE-2010-3856 being exploited?
Moderate — EPSS is 8.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.11.2-8