6.2

CVE-2011-1095

Exploit
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version <= 2.12.2
GnuGlibc Version1.00
GnuGlibc Version1.01
GnuGlibc Version1.02
GnuGlibc Version1.03
GnuGlibc Version1.04
GnuGlibc Version1.05
GnuGlibc Version1.06
GnuGlibc Version1.07
GnuGlibc Version1.08
GnuGlibc Version1.09
GnuGlibc Version1.09.1
GnuGlibc Version2.0
GnuGlibc Version2.0.1
GnuGlibc Version2.0.2
GnuGlibc Version2.0.3
GnuGlibc Version2.0.4
GnuGlibc Version2.0.5
GnuGlibc Version2.0.6
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.3.10
GnuGlibc Version2.1.9
GnuGlibc Version2.2
GnuGlibc Version2.2.1
GnuGlibc Version2.2.2
GnuGlibc Version2.2.3
GnuGlibc Version2.2.4
GnuGlibc Version2.2.5
GnuGlibc Version2.3
GnuGlibc Version2.3.1
GnuGlibc Version2.3.2
GnuGlibc Version2.3.3
GnuGlibc Version2.3.4
GnuGlibc Version2.3.5
GnuGlibc Version2.3.6
GnuGlibc Version2.3.10
GnuGlibc Version2.4
GnuGlibc Version2.5
GnuGlibc Version2.5.1
GnuGlibc Version2.6
GnuGlibc Version2.6.1
GnuGlibc Version2.7
GnuGlibc Version2.8
GnuGlibc Version2.9
GnuGlibc Version2.10
GnuGlibc Version2.10.1
GnuGlibc Version2.10.2
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12.0
GnuGlibc Version2.12.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.398
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/46397
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://security.gentoo.org/glsa/glsa-201011-01.xml
Vendor Advisory
http://secunia.com/advisories/43830
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://www.vupen.com/english/advisories/2011/0863
Vendor Advisory
http://secunia.com/advisories/43989
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.redhat.com/support/errata/RHSA-2011-0413.html
http://bugs.gentoo.org/show_bug.cgi?id=330923
Patch
Exploit
http://openwall.com/lists/oss-security/2011/03/08/21
Patch
Exploit
http://openwall.com/lists/oss-security/2011/03/08/22
http://openwall.com/lists/oss-security/2011/03/08/8
Patch
Exploit
http://secunia.com/advisories/43976
Vendor Advisory
http://securitytracker.com/id?1025286
http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
Exploit
http://sourceware.org/bugzilla/show_bug.cgi?id=11904
Exploit
http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259
https://bugzilla.redhat.com/show_bug.cgi?id=625893
Patch
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272