CVE-2010-3847
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Title source: metasploit
Exploitation Summary
EIP tracks 7 public exploits for CVE-2010-3847.
PoCs published by Metasploit, magisterquis, Tavis Ormandy, zx2c4, I Can't Race You Either, Marco Ivaldi, Todor Donev, bcoles, including Metasploit module exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.
AI-analyzed exploit summary
This Metasploit module exploits CVE-2010-3856, a privilege escalation vulnerability in glibc's dynamic linker, by abusing the LD_AUDIT environment variable to load arbitrary shared objects with elevated privileges. It leverages libpcprofile.so to create a root-owned file in a trusted library path, which is then overwritten with a malicious shared object for code execution.
Description
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Exploits (7)
This Metasploit module exploits CVE-2010-3856, a privilege escalation vulnerability in glibc's dynamic linker by abusing the LD_AUDIT environment variable to load arbitrary shared objects with elevated privileges. It leverages libpcprofile.so to create a root-owned file in a trusted library path, which is then overwritten with a malicious shared object for code execution.
This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the $ORIGIN expansion via LD_AUDIT to execute arbitrary shared objects, gaining root privileges by replacing a setuid binary with a malicious shared object.
This repository contains a functional exploit for CVE-2010-3847, a local privilege escalation vulnerability in the Linux kernel. The exploit leverages a race condition in the kernel's handling of file descriptors to execute arbitrary code with elevated privileges.
This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the LD_AUDIT environment variable to load arbitrary shared objects with elevated privileges, leveraging libpcprofile.so to achieve root access.
This is a detailed technical analysis of CVE-2010-3847, explaining how the GNU C library dynamic linker incorrectly expands $ORIGIN in setuid library search paths, leading to privilege escalation. The writeup includes code paths, exploitation steps, and mitigation strategies.
This advisory details CVE-2010-3847, a vulnerability in the GNU C library dynamic linker where LD_AUDIT can load arbitrary DSOs during setuid execution, potentially leading to privilege escalation. It includes a technical analysis, exploitation steps, and mitigation guidance.
This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the $ORIGIN expansion feature via LD_AUDIT to execute arbitrary shared objects, gaining root privileges.