CVE Reference: CVE-2010-0830

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0830

Description:
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/58915

UBUNTU
  http://www.ubuntu.com/usn/USN-944-1

ST
  1024044

SAID
  Secunia Advisory: SA39900

MISC
  http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

GENTOO
  http://security.gentoo.org/glsa/glsa-201011-01.xml

DEBIAN
  http://www.debian.org/security/2010/dsa-2058

CONFIRM
  http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
  http://frugalware.org/security/662

BID
  40063

