CVE-2011-1095 - CERT CVE
ID CVE-2011-1095
Sažetak locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Reference
CVSS
Base: 6.2
Impact: 10.0
Exploitability:1.9
Pristup
VektorSloženostAutentikacija
LOCAL HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:L/AC:H/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje 13-02-2023 - 00:15
Objavljeno 10-04-2011 - 02:55