Описание
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | glibc | Will not fix | ||
| Red Hat Enterprise Linux 4 | glibc | Fixed | RHSA-2012:0125 | 13.02.2012 |
| Red Hat Enterprise Linux 5 | glibc | Fixed | RHSA-2011:0412 | 04.04.2011 |
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2011:0413 | 04.04.2011 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS2
Связанные уязвимости
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
3.7 Low
CVSS2