CVE-2003-0670

Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications 1 RunTCPDump, which calls tcpdump, and 2 RunTCPFlow, which calls tcpflow...

CVE-2002-2023

The getparameterfromfreqencysource function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors...

CVE-2002-1896

Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long 1 -f or 2 -o command line argument...

CVE-2001-1551

Linux kernel 2.2.19 enables CAPSYSRESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs...

CVE-1999-0462

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 Mark functions in...

SUSE-SU-2025:20332-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 - pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 - Mark functions in...

[slackware-security] glibc

New glibc packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaaglibc-solibs-2.33-i586-8slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-8slack15.0.txz: Rebuilt. This update fixes a security issue: el...

SUSE CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

📄 Automic Automation Agent Unix Privilege Escalation

An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...

The vulnerability of the dlopen() function in the system library glibc, which allows a hacker to execute arbitrary code

The vulnerability of the dlopen function in the glibc system library is related to the use of an insecure path for searching executable programs when processing the LDLIBRARYPATH variable. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...

CVE-2025-4802

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

AZL-61873 CVE-2025-4802 affecting package glibc 2.35-10

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

AZL-61877 CVE-2025-4802 affecting package glibc for versions less than 2.38-14

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

DEBIAN-CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

UBUNTU-CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

CVE-2025-4802

CVE-2025-4802 affects the GNU C Library (glibc) versions 2.27–2.38. The issue is an untrusted LD_LIBRARY_PATH vulnerability that enables attacker-controlled loading of dynamically-linked libraries by statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlo...

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...