6057 matches found
CVE-2000-0824
The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...
CVE-2000-0824
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...
[RHSA-2001:001-05] glibc file read or write access local vulnerability
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: glibc file read or write access local vulnerability Advisory ID: RHSA-2001:001-05 Issue date: 2001-01-11 Updated on: 2001-01-11 Product: Red Hat Linux Keywords: glibc...
Серьезная дырка в glibc
В suid-приложениях не сбрасывается переменная RESOLVHOSTCONF, что позволяет пользователю указать в качестве конфигурации резолвера любой файл, получить доступ на чтение к любому файлу. Кроме того, в отдельных случаях пользователь может подключать свои библиотеки...
Glibc Local Root Exploit
Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It effects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual fix was a missing comma in the list of secure env vars...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...
mount exploit for glibc locale bug
Exploit for linux platform in category local exploits ================================== mount exploit for glibc locale bug ================================== / mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a...
GLIBC locale - bug mount
GLIBC locale - bug mount / mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a 0x080589a0 -i 192 Redhat 6.2 mount-2.10f : ./mnt -n 114 -a 0x080565dc -i 112 compiled on rh 6.2 mount-2.10m: ./mnt -n 114 -a 0x08059218 -i 1...
GLIBC locale - bug mount
/ mount exploit for glibc locale bug tested on redhat 6.2 and slackware 7.0 and debian 2.2 Debian 2.2 mount-2.10f : ./mnt -n 136 -a 0x080589a0 -i 192 Redhat 6.2 mount-2.10f : ./mnt -n 114 -a 0x080565dc -i 112 compiled on rh 6.2 mount-2.10m: ./mnt -n 114 -a 0x08059218 -i 112 "objdump /bin/mount |...
GLIBC (via /bin/su) Local Root Exploit
Exploit for linux platform in category local exploits ====================================== GLIBC via /bin/su Local Root Exploit ====================================== / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of...
GLIBC - '/bin/su' Local Privilege Escalation
/ Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of /bin/su program with the address of the shellcode, so, the program executes it when main returns or exit is called Thanks a lot to rwxrwxrwx for explaining me this technique...
CVE-2000-0824
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...
CVE-2000-0335
The CVE-2000-0335 issue affects the resolver in glibc 2.1.3 , which uses predictable IDs. This design allows a local attacker to cause DNS query spoofing by manipulating IDs, undermining DNS query integrity. The vulnerability’s impact is described as the ability to spoof results, with a base CVSS...
CVE-2000-0335
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results...
Серьезная уязвимость многих Unix через locale в glibc
Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...
CVE-2000-1207
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LCALL environment variables CVE-2000-0844...
Проблема с ld.so из glibc
Переменная окружения LDPRELOAD используется для поиска динамических библиотек. При вызове suid/sgid программы эта переменная сбрасывается, но не сбрасывается, когда suid/sgid вызывает другое приложение, что позволяет подсунуть пользовательскую библиотеку...
RedHat 6 GLIBClocale - Subsystem Format String
RedHat 6 GLIBClocale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...
RedHat 6 GLIBC/locale - Subsystem Format String
/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to t...
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. An earlier advisory listed the updates for Debian 2.2/potato. This advisory contains updates for Debian...