Solution
Please Install the Updated Packages.
Insight
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)
Red Hat would like to thank Tavis Ormandy for reporting this issue.
All users should upgrade to these updated packages, which contain a backported patch to correct this issue.
Affected
glibc on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-3847 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities