Lucene search
K

6057 matches found

CVE
CVE
added 2001/01/22 5:0 a.m.65 views

CVE-2000-0824

The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...

7.2CVSS7.1AI score0.01232EPSS
Exploits1References15Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.28 views

CVE-2000-0824

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...

7AI score0.01232EPSS
Exploits1References15
securityvulns
securityvulns
added 2001/01/13 12:0 a.m.30 views

[RHSA-2001:001-05] glibc file read or write access local vulnerability

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: glibc file read or write access local vulnerability Advisory ID: RHSA-2001:001-05 Issue date: 2001-01-11 Updated on: 2001-01-11 Product: Red Hat Linux Keywords: glibc...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2001/01/13 12:0 a.m.34 views

Серьезная дырка в glibc

В suid-приложениях не сбрасывается переменная RESOLVHOSTCONF, что позволяет пользователю указать в качестве конфигурации резолвера любой файл, получить доступ на чтение к любому файлу. Кроме того, в отдельных случаях пользователь может подключать свои библиотеки...

0.5AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/01/11 12:0 a.m.42 views

Glibc Local Root Exploit

Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It effects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual fix was a missing comma in the list of secure env vars...

0.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2001/01/10 8:29 p.m.16 views

glibc 2.2 local vulnerability on setuid binaries

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...

6.5AI score
Exploits0
0day.today
0day.today
added 2000/12/02 12:0 a.m.23 views

mount exploit for glibc locale bug

Exploit for linux platform in category local exploits ================================== mount exploit for glibc locale bug ================================== / mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2000/12/02 12:0 a.m.17 views

GLIBC locale - bug mount

GLIBC locale - bug mount / mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a 0x080589a0 -i 192 Redhat 6.2 mount-2.10f : ./mnt -n 114 -a 0x080565dc -i 112 compiled on rh 6.2 mount-2.10m: ./mnt -n 114 -a 0x08059218 -i 1...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2000/12/02 12:0 a.m.97 views

GLIBC locale - bug mount

/ mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a 0x080589a0 -i 192 Redhat 6.2 mount-2.10f : ./mnt -n 114 -a 0x080565dc -i 112 compiled on rh 6.2 mount-2.10m: ./mnt -n 114 -a 0x08059218 -i 112 "objdump /bin/mount |...

7.4AI score
Exploits0
0day.today
0day.today
added 2000/11/30 12:0 a.m.61 views

GLIBC (via /bin/su) Local Root Exploit

Exploit for linux platform in category local exploits ====================================== GLIBC via /bin/su Local Root Exploit ====================================== / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2000/11/30 12:0 a.m.54 views

GLIBC - '/bin/su' Local Privilege Escalation

/ Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of /bin/su program with the address of the shellcode, so, the program executes it when main returns or exit is called Thanks a lot to rwxrwxrwx for explaining me this technique...

7.4AI score
Exploits0
NVD
NVD
added 2000/11/14 5:0 a.m.22 views

CVE-2000-0824

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...

7.2CVSS7.1AI score0.01232EPSS
Exploits1References15
CVE
CVE
added 2000/10/13 4:0 a.m.59 views

CVE-2000-0335

The CVE-2000-0335 issue affects the resolver in glibc 2.1.3 , which uses predictable IDs. This design allows a local attacker to cause DNS query spoofing by manipulating IDs, undermining DNS query integrity. The vulnerability’s impact is described as the ability to spoof results, with a base CVSS...

7.5CVSS6.6AI score0.01586EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.26 views

CVE-2000-0335

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results...

6.2AI score0.01586EPSS
Exploits0References1
securityvulns
securityvulns
added 2000/10/06 12:0 a.m.35 views

Серьезная уязвимость многих Unix через locale в glibc

Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...

0.6AI score
Exploits0References2Affected Software13
NVD
NVD
added 2000/09/30 4:0 a.m.25 views

CVE-2000-1207

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LCALL environment variables CVE-2000-0844...

7.2CVSS6.6AI score0.00445EPSS
Exploits0References4
securityvulns
securityvulns
added 2000/09/26 12:0 a.m.24 views

Проблема с ld.so из glibc

Переменная окружения LDPRELOAD используется для поиска динамических библиотек. При вызове suid/sgid программы эта переменная сбрасывается, но не сбрасывается, когда suid/sgid вызывает другое приложение, что позволяет подсунуть пользовательскую библиотеку...

0.5AI score
Exploits0References3Affected Software3
exploitpack
exploitpack
added 2000/09/06 12:0 a.m.22 views

RedHat 6 GLIBClocale - Subsystem Format String

RedHat 6 GLIBClocale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/09/06 12:0 a.m.30 views

RedHat 6 GLIBC/locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to t...

7.4AI score
Exploits0
Debian
Debian
added 2000/09/05 2:58 p.m.8 views

[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)

Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. An earlier advisory listed the updates for Debian 2.2/potato. This advisory contains updates for Debian...

6AI score
Exploits0
Rows per page
Query Builder