CVE-2010-3847

This Metasploit module exploits CVE-2010-3856, a privilege escalation vulnerability in glibc's dynamic linker by abusing the LD_AUDIT environment variable to load arbitrary shared objects with elevated privileges. It leverages libpcprofile.so to create a root-owned file in a trusted library path, which is then overwritten with a malicious shared object for code execution.

This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the $ORIGIN expansion via LD_AUDIT to execute arbitrary shared objects, gaining root privileges by replacing a setuid binary with a malicious shared object.

This repository contains a functional exploit for CVE-2010-3847, a local privilege escalation vulnerability in the Linux kernel. The exploit leverages a race condition in the kernel's handling of file descriptors to execute arbitrary code with elevated privileges.

This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the LD_AUDIT environment variable to load arbitrary shared objects with elevated privileges, leveraging libpcprofile.so to achieve root access.

This is a detailed technical analysis of CVE-2010-3847, explaining how the GNU C library dynamic linker incorrectly expands $ORIGIN in setuid library search paths, leading to privilege escalation. The writeup includes code paths, exploitation steps, and mitigation strategies.

This advisory details CVE-2010-3847, a vulnerability in the GNU C library dynamic linker where LD_AUDIT can load arbitrary DSOs during setuid execution, potentially leading to privilege escalation. It includes a technical analysis, exploitation steps, and mitigation guidance.

This Metasploit module exploits CVE-2010-3847, a privilege escalation vulnerability in glibc's dynamic linker. It abuses the $ORIGIN expansion feature via LD_AUDIT to execute arbitrary shared objects, gaining root privileges.