38 matches found
glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT Arbitrary DSO Load Privilege Escalation', 'Description' = %q...
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
!/bin/sh Exploit Title: GNU libc /tmp/libxpl.c /dev/null cat /tmp/libxpl.so /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LDAUDIT="libxpl.so" ping...
glibc LD_AUDIT arbitrary DSO load Privilege Escalation
No description provided by source. !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file descriptor and using...
openSUSE Security Update : glibc (openSUSE-SU-2010:0912-1)
This update of glibc fixes two bugs and security issues : CVE-2010-3847: Decoding of the $ORIGIN special value in various LD environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion...
Oracle Linux 6 : glibc (ELSA-2010-0872)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0872 advisory. - Require suid bit on audit objects in privileged programs 645679, CVE-2010-3856 Tenable has extracted the preceding description block directly from th...
Oracle Linux 5 : glibc (ELSA-2010-0793)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0793 advisory. 2.5-49.el55.7 - Require suid bit on audit objects in privileged programs 645677, CVE-2010-3856 Tenable has extracted the preceding description block directly fr...
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit
Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LDAUDIT libmemusage.so. !/bin/sh + Glibc /tmp/payload.c /dev/null echo "+ Filling the lib file with lib contents." cat /tmp/exploit /lib/sploit.so rm /tmp/payload.c /tmp/exploit echo "+ Executing payload.." LDAUDIT="sploit.so" ping...
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root
!/bin/sh + Glibc /tmp/payload.c /dev/null echo "+ Filling the lib file with lib contents." cat /tmp/exploit /lib/sploit.so rm /tmp/payload.c /tmp/exploit echo "+ Executing payload.." LDAUDIT="sploit.so" ping...
Scientific Linux Security Update : glibc on SL6.x i386/x86_64
It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LDAUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges...
glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation
glibc - LDAUDIT Arbitrary DSO Load Privilege Escalation !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file...
glibc LD_AUDIT Privilege Escalation
!/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file descriptor and using fexecve to easily win a race with...
CentOS Update for glibc CESA-2010:0793 centos5 i386
Check for the Version of glibc OpenVAS Vulnerability Test CentOS Update for glibc CESA-2010:0793 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for glibc CESA-2010:0793 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian Security Advisory DSA 2122-2 (glibc)
The remote host is missing an update to glibc announced via advisory DSA 2122-2. OpenVAS Vulnerability Test $Id: deb21222.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2122-2 glibc Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : eglibc, glibc vulnerability (USN-1009-2)
USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the 'man' program was installed setuid, a local attacker could exploit this ...
CVE-2010-3856
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
DSquare Exploit Pack: D2SEC_CVE_2010_3856
Name| d2seccve20103856 ---|--- CVE| CVE-2010-3856 Exploit Pack| D2ExploitPack Description| D2SEC CVE20103856 Notes|...
Immunity Canvas: CVE_2010_3856
Name| CVE20103856 ---|--- CVE| CVE-2010-3856 Exploit Pack| CANVAS Description| CVE20103856 Notes| CVE Name: CVE-2010-3856 VENDOR: Linux NOTES: See the FD post for a ton of details, try this exploit on RedHat derived distributions, this may also work against Ubuntu. If it fails but you think the...
CVE-2010-3856
CVE-2010-3856 affects glibc's dynamic linker (ld.so). Local users can escalate privileges by abusing LD_AUDIT to load an unsafe DSO from a trusted library directory. Concrete details: affected components are ld.so in glibc before 2.11.3 and 2.12.x before 2.12.2; the underlying issue is improper L...
VMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldap
a. Service Console update for glibc The service console packages glibc, glibc-common, and nscd are each updated to version 2.5-34.4908.vmw. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues addressed in this update...