26 matches found
glibc security, bug fix, and enhancement update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
IBM Db2 'DT_RPATH' Insecure Library Loading Code Execution Vulnerabilities
IBM Db2 is prone to insecure library loading vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2";...
Design/Logic Flaw
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF...
CVE-2011-4061
CVE-2011-4061 affects IBM DB2 9.7 (and 9.5) when ITMA (Tivoli Monitoring Agent) is bundled with DB2 on UNIX/Linux platforms. The vulnerability arises from insecure DT_RPATH-based loading of libkbb.so via the SUID-root binary kbbacf1 in the ITMA component, allowing a local user to escalate privile...
IBM DB2 - DT_RPATH Insecure Library Loading Arbitrary Code Execution
IBM DB2 - DT_RPATH Insecure Library Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code wit...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
GNU C library dynamic linker $ORIGIN expansion Vulnerability
Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
CVE-2009-0876
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN...
Design/Logic Flaw
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN...
CVE-2009-0876
Sun xVM VirtualBox for Linux (versions 2.0.0 – 2.1.4r42893) is affected by a local privilege-escalation flaw via a hardlink attack that preserves setuid/setgid bits, related to DT_RPATH:$ORIGIN. The issue, described across multiple sources, centers on filesystem manipulation allowing a non-privil...
Gentoo Security Advisory GLSA 200612-15 (vlnx)
The remote host is missing updates announced in advisory GLSA 200612-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200612-15 (vlnx)
The remote host is missing updates announced in advisory GLSA 200612-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200509-05 (net-snmp)
The remote host is missing updates announced in advisory GLSA 200509-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2006-6474
Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directo...
CVE-2006-6474
The CVE-2006-6474 entry concerns McAfee VirusScan for Linux 4510e and earlier, where the DT_RPATH environment variable includes the current working directory. This insecure DT_RPATH can allow a local attacker to have the dynamic loader load untrusted ELF DSOs and execute arbitrary code by placing...
McAfee VirusScan: Insecure DT_RPATH
Background McAfee VirusScan for Linux is a commercial antivirus solution for Linux. Description Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably intended. Impact...
GLSA-200612-15 : McAfee VirusScan: Insecure DT_RPATH
The remote host is affected by the vulnerability described in GLSA-200612-15 McAfee VirusScan: Insecure DT_RPATH Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably...