VYPR
Unrated severityNVD Advisory· Published Jan 7, 2011· Updated Jun 16, 2026

CVE-2010-3856

CVE-2010-3856

Description

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

56
  • GNU/Glibc56 versions
    cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 55 more
    • cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.11.2
    • cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
    • (no CPE)range: <2.11.3, >=2.12 <2.12.2

Patches

Vulnerability mechanics

References

23

News mentions

0

No linked articles in our index yet.