glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...

GNU C dynamic linker privilege escalation

Invalid $ORIGIN processing allows to load user library into suid application...

GNU C library dynamic linker expands $ORIGIN in setuid library search path

Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states:"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...

The GNU C library dynamic linker expands $ORIGIN in setuid library search path

The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...

RedHat Update for glibc RHSA-2010:0787-01

Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2010:0787-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

GNU C Library Dynamic Linker Arbitrary DSO dlopen

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

GNU C Library 2.x libc6 - Dynamic Linker LDAUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2010:0787 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: glibc security update

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability

The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...

GNU C library dynamic linker $ORIGIN expansion Vulnerability

Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...

GNU C library dynamic linker - '$ORIGIN' Expansion

from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...

GNU C library dynamic linker - $ORIGIN Expansion

GNU C library dynamic linker - $ORIGIN Expansion from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is...

PT-2009-4355 · Pulseaudio · Pulseaudio

Name of the Vulnerable Software and Affected Versions: PulseAudio versions 0.9.9 through 0.9.14 Description: A race condition exists that allows local users to gain privileges. This issue involves the creation of a hard link and is related to the application setting LD BIND NOW to 1, and then...

CVE-2009-0606

The linkimage function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly ...

PT-2006-6799 · Freebsd · Ld.So

Name of the Vulnerable Software and Affected Versions: ld.so in FreeBSD, NetBSD, and possibly other BSD distributions affected versions not specified Description: The issue allows local users to gain privileges by passing certain environment variables to loading processes, as ld.so does not remov...

CVE-2006-3499

The dynamic linker dyld in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error stderr by privileged applications...

CVE-2006-3500

The dynamic linker dyld in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability...