818 matches found
Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege Escalation
Solaris 2.6789 SPARC - ld.so.1 Local Privilege Escalation / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 throug...
Solaris 9 (x86) : 113986-29
SunOS 5.9x86: linker Patch. Date this patch was last updated by Sun : May/28/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)
Exploit for solaris platform in category local exploits ======================================================================== Solaris Runtime Linker ld.so.1 Buffer Overflow Exploit SPARC version ======================================================================== / ld.so.1 exploit SPARC...
Solaris Runtime Linker (SPARC) - ld.so.1 Local Buffer Overflow
Solaris Runtime Linker SPARC - ld.so.1 Local Buffer Overflow / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard...
Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow
/ ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into libc scenario is that at the time tha...
Sun Solaris Runtime Linker buffer overflow
Buffer overflow on LDPRELOAD environment variable parsing...
Solaris ld.so.1 buffer overflow
OVERVIEW ======== There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID programs...
iDEFENSE Security Advisory 07.29.03: Buffer Overflow in Sun Solaris Runtime Linker
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 07.29.03: http://www.idefense.com/advisory/07.29.03.txt Buffer Overflow in Sun Solaris Runtime Linker July 29, 2003 I. BACKGROUND The Solaris runtime linker, ld.so.11, processes dynamic executables and shared objects at...
CVE-2002-0746
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument...
CVE-2002-0746
CVE-2002-0746 affects AIX 4.3.3 in the template.dhcpo component, where an insecure linker argument is cited as the root cause. The available references describe the vulnerability but do not provide exploit details, affected vectors, or concrete remediation steps within the provided documents. The...
CVE-2002-0746
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument...
Security holes : Linker, Pharao
Product1 : Linker http://enproject.codelib.co.kr Versions : 2.0 Problems : - Reading in HD - Informations recovery passwords, DBHOST, DBUSER,... Exploits : - /imageview.php?uid=../function/passinfo.php or /imageview.php?uid=../function/baseinfo.php - Set cookies : "adminlogin","1"...
CVE-1999-1143
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs...
[SECURITY] New version of ghostscript released
Package : gs Problem type : symlink attack Debian-specific: no ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasnt secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is...
minor issue with IBM HTTPD and /usr/bin/ikeyman
Summary: /usr/bin/ikeyman is a shell script installed with setuid root permissions by the IBMHSSSB package on Solaris. The script does not seem to work very well in a Solaris 2.6 environment because of dynamic linker issues; if they are resolved, however, an unprivileged user may then be able to...
CVE-1999-0786
The CVE-1999-0786 entry concerns the Solaris dynamic linker. Vulnerability: a local user can create arbitrary files via the LD_PROFILE environmental variable and a symlink attack affecting the dynamic linker. Affected component: Solaris dynamic linker; root cause: LD_PROFILE manipulation enabling...
Solaris 2.6 - Profiling File Creation
Solaris 2.6 - Profiling File Creation source: https://www.securityfocus.com/bid/659/info A vulnerability in the dynamic linkers while profiling a shared object allows local users to create arbitrary files in the system. It canno't be used to overwrite existing files. If the LDPROFILE environment...
SunOS 4.1.3 - LD_LIBRARY_PATH LD_OPTIONS
SunOS 4.1.3 - LDLIBRARYPATH LDOPTIONS source: https://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the...