CVE 2010-3856
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Related bugs and status
CVE-2010-3856 (Candidate) is related to these bugs:
Bug #615953: busybox sed core dump
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 615953 | busybox sed core dump | eglibc (Ubuntu) | Low | Fix Released | ||
| 615953 | busybox sed core dump | eglibc (Fedora) | High | Fix Released | ||
| 615953 | busybox sed core dump | eglibc (Ubuntu Lucid) | Undecided | Fix Released | ||
| 615953 | busybox sed core dump | eglibc (Ubuntu Maverick) | Undecided | Fix Released | ||
Bug #643171: Use the __sync primitives in EGLIBC
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 643171 | Use the __sync primitives in EGLIBC | Linaro Toolchain Miscellanies | Medium | Fix Released | ||
| 643171 | Use the __sync primitives in EGLIBC | eglibc (Ubuntu) | Undecided | Fix Released | ||
Bug #669361: package manpages-dev 3.24-1ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man3/pthread_sigmask.3.gz', which is also in package glibc-doc 2.12.1-0ubuntu8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 669361 | package manpages-dev 3.24-1ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man3/pthread_sigmask.3.gz', which is also in package glibc-doc 2.12.1-0ubuntu8 | eglibc (Ubuntu) | Medium | Fix Released | ||
| 669361 | package manpages-dev 3.24-1ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/man/man3/pthread_sigmask.3.gz', which is also in package glibc-doc 2.12.1-0ubuntu8 | manpages (Ubuntu) | Undecided | Fix Released | ||
Bug #670678: libc translations not imported from upstream
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 670678 | libc translations not imported from upstream | Launchpad itself | Undecided | Invalid | ||
| 670678 | libc translations not imported from upstream | eglibc (Ubuntu) | Undecided | Fix Released | ||
| 670678 | libc translations not imported from upstream | Ubuntu Translations | Medium | Fix Released | ||
Bug #672352: Assertion `_rtld_global_ro._dl_pagesize != 0' failed
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 672352 | Assertion `_rtld_global_ro._dl_pagesize != 0' failed | eglibc (Ubuntu) | Undecided | Fix Released | ||
| 672352 | Assertion `_rtld_global_ro._dl_pagesize != 0' failed | eglibc (Ubuntu Maverick) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
