CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2010/Apr/399	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/08/25/8	Mailing List
http://www.openwall.com/lists/oss-security/2010/08/31/6	Mailing List
http://www.openwall.com/lists/oss-security/2010/08/31/7	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/02/2	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/02/3	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/02/4	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/02/5	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-10-14 05:58

Updated : 2024-02-04 17:54

NVD link : CVE-2010-3192

Mitre link : CVE-2010-3192

CVE.ORG link : CVE-2010-3192

JSON object : View

Products Affected

gnu

glibc

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2010-3192", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-14T05:58:06.833", "references": [{"url": "http://seclists.org/fulldisclosure/2010/Apr/399", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/08/25/8", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/08/31/6", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/08/31/7", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/02/2", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/02/3", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/02/4", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/02/5", "tags": ["Mailing List"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations."}, {"lang": "es", "value": "Algunos mecanismos run-time de protecci\u00f3n de memoria en la Librer\u00eda C de GNU (tambi\u00e9n conocido como glibc o libc6) print argv[0] y backtrace information, lo cual permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible de procesos de memoria mediante la ejecuci\u00f3n de un programa incorrecto, como el demostrado por un programa setuid que contiene un error de desbordamiento de b\u00fafer basado en pila, relacionado con la funci\u00f3n __fortify_fail en debug/fortify_fail.c, y las implementaciones __stack_chk_fail (tambi\u00e9n conocida como stack protection) y __chk_fail (tambi\u00e9n conocida como FORTIFY_SOURCE)."}], "lastModified": "2020-03-31T15:32:56.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B57CAA-FEDE-48A6-A22F-56CAEA79F200", "versionEndExcluding": "2.26"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}