CVE-2011-1095

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 10 Apr 2011, 01:29
Last modified:06 Aug 2024, 22:14

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
6.2 MEDIUM
v2.0 (nvd)
EPSS Score
0.14% LOW
0% probability +0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
6 found
Dark Web
Not detected

Timeline

10 Apr 2011, 01:29
Published
Vulnerability first disclosed
06 Aug 2024, 22:14
Last Modified
Vulnerability information updated

Description

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.

CVSS Metrics

  • v2.0MEDIUMScore: 6.2AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.14% Percentile: 34%

Techniques & Countermeasures

  • CWE-264Permissions, Privileges, and Access Controls

    Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

  • gnuglibc

    ≤ 2.12.2 | 1.00 | 1.01 | 1.02 | 1.03 | 1.04 | 1.05 | 1.06 | 1.07 | 1.08 | 1.09 | 1.09.1 | 2.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.1 | 2.11 | 2.1.1.6 | 2.12 | 2.13 | 2.1.3.10 | 2.19 | 2.2 | 2.21 | 2.22 | 2.23 | 2.2.4 | 2.25 | 2.3 | 2.3.1 | 2.3.2 | 2.33 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.10 | 2.4 | 2.5 | 2.5.1 | 2.6 | 2.6.1 | 2.7 | 2.8 | 2.9 | 2.10 | 2.10.1 | 2.10.2 | 2.11.1 | 2.11.2 | 2.11.3 | 2.12.0 | 2.12.1

References (21)