3217 matches found
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...
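NetBSD Larn 'Games' Group Local Privilege Escalation Vulnerability
Bugtraq ID: 44293 NetBSD is a BSD-based operating system. When games were changed from setuid to setgid, larn was not updated to replace user IDs with group IDs, which means that nothing happens when it tries to drop to a lower privilege level. As a result, the game always runs with game group privileges and can perform operations such as writing or saving files with games group privileges. Save files can be written to /var/games, overwriting or corrupting files that belong to other games. NetBSD 4.0 Vendor solution: patched source files are available from the NetBSD CVS repository: CVS branch file revision ------------- ----------------...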
glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
RedHat Update for glibc RHSA-2010:0787-01
Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2010:0787-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2010:0787 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base...
glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary...
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
GNU C library dynamic linker $ORIGIN expansion Vulnerability
Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation
FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation / source: https://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / defi...
linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes
Exploit for linux/x86 platform in category shellcode ====================================================================== linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes ====================================================================== / Title : Linux x86 shellcode...
CentOS 4 : rpm (CESA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availabl...
CentOS Update for popt CESA-2010:0678 centos4 i386
Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0678 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for rpm RHSA-2010:0678-01
Check for the Version of rpm OpenVAS Vulnerability Test RedHat Update for rpm RHSA-2010:0678-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
popt, rpm security update
CentOS Errata and Security Advisory CESA-2010:0678 Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
RHEL 4 : rpm (RHSA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availabl...