New Search

VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp

oval:org.mitre.oval:def:12272

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output which might allow local users to gain privileges via a crafted localization environment variable in conjunction with a program that executes a script that uses the eval function.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 4.1
  • VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
  • CVE-2011-1095
Product(s):