Description
It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)
It was discovered that the glibc dynamic linker/loader did not perform
sufficient safety checks when loading dynamic shared objects (DSOs) to
provide callbacks for its auditing API during the execution of privileged
programs. A local attacker could use this flaw to escalate their privileges
via a carefully-chosen system DSO library containing unsafe constructors.
(CVE-2010-3856)