Vulnerability Details : CVE-2010-0830
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-0830
Probability of exploitation activity in the next 30 days: 9.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0830
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2010-0830
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0830
-
http://www.debian.org/security/2010/dsa-2058
Debian -- Security Information -- DSA-2058-1 glibc, eglibc
-
http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
sourceware.org Git - glibc.git/commit
-
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
[security-announce] SUSE Security Announcement: glibc (SUSE-SA:2010:052)
-
http://www.vupen.com/english/advisories/2010/1246
Webmail | OVH- OVHVendor Advisory
-
http://www.ubuntu.com/usn/USN-944-1
USN-944-1: GNU C Library vulnerabilities | Ubuntu security notices
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
glibc ELF code execution CVE-2010-0830 Vulnerability Report
-
http://www.securityfocus.com/bid/40063
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow VulnerabilityPatch
-
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
Blog niet gevonden
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
mandriva.com
-
http://security.gentoo.org/glsa/glsa-201011-01.xml
GNU C library: Multiple vulnerabilities (GLSA 201011-01) — Gentoo security
-
http://securitytracker.com/id?1024044
GNU Glibc ELF Header Validation Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://frugalware.org/security/662
Frugalware
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
mandriva.com
Products affected by CVE-2010-0830
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*