Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2010-0830

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0830

Description:
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/58915

UBUNTU
  http://www.ubuntu.com/usn/USN-944-1

ST
  1024044

SAID
  Secunia Advisory: SA39900

MISC
  http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

GENTOO
  http://security.gentoo.org/glsa/glsa-201011-01.xml

DEBIAN
  http://www.debian.org/security/2010/dsa-2058

CONFIRM
  http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
  http://frugalware.org/security/662

BID
  40063


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability