Oracle Linux 8 : glibc (ELSA-2023-12851)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12851 advisory. 2.28-225.0.4 - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi Tenable has extracted the preceding...

Exploit for Heap-based Buffer Overflow in Gnu Glibc

PoC of CVE-2023-4911 "Looney Tunables" This is a PoC of CVE-2...

GLSA-202310-03 : glibc: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-03 glibc: Multiple vulnerabilities - An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and...

The vulnerability of the dynamic loader ld.so of the glibc library allows a attacker to execute arbitrary code with elevated privileges.

The vulnerability of the dynamic loader ld.so for the glibc library is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges by running binary files with SUID permissions and creating a variable environmen...

AZL-34733 CVE-2023-4911 affecting package glibc for versions less than 2.38-6

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

DEBIAN-CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

[SECURITY] [DSA 5514-1] glibc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5514-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2023 https://www.debian.org/security/faq -...

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

The Qualys Threat Research Unit TRU has discovered a buffer overflow vulnerability in GNU C Librarys dynamic loaders processing of the GLIBCTUNABLES environment variable. We have successfully identified and exploited this vulnerability a local privilege escalation that grants full root privileges...

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Rizin 缓冲区错误漏洞

Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A buffer error vulnerability...

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

SUSE: Security Advisory (SUSE-SU-2016:0473-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8093

A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1199)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenBSD Dynamic Loader chpass Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the OpenBSD ld.so dynamic loader...

OpenBSD Dynamic Loader chpass Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenBSD Dynamic Loader chpass Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the OpenBSD ld.so dynamic loader...

OpenBSD 6.x - Dynamic Loader Privilege Escalation Exploit

Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration Acknowledgments...

OpenBSD 6.x - Dynamic Loader Privilege Escalation

OpenBSD 6.x - Dynamic Loader Privilege Escalation Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents...

OpenBSD 6.x - Dynamic Loader Privilege Escalation

Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...