Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1095

Опубликовано: 11 авг. 2010
Источник: redhat
CVSS2: 3.7
EPSS Низкий

Описание

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3glibcWill not fix
Red Hat Enterprise Linux 4glibcFixedRHSA-2012:012513.02.2012
Red Hat Enterprise Linux 5glibcFixedRHSA-2011:041204.04.2011
Red Hat Enterprise Linux 6glibcFixedRHSA-2011:041304.04.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=625893glibc: insufficient quoting in the locale command output

EPSS

Процентиль: 24%
0.00078
Низкий

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1095

ubuntu
около 14 лет назад

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

nvd логотип

CVE-2011-1095

nvd
около 14 лет назад

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

debian логотип

CVE-2011-1095

debian
около 14 лет назад

locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...

github логотип

GHSA-hhjf-9w4x-vhhf

github
около 3 лет назад

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

oracle-oval логотип

ELSA-2011-0413

oracle-oval
около 14 лет назад

ELSA-2011-0413: glibc security update (IMPORTANT)

EPSS

Процентиль: 24%
0.00078
Низкий

3.7 Low

CVSS2