122 matches found
CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...
CVE-2019-1010023
CVE-2019-1010023 is reflected in OSV entries for Root OS Debian 12/13, where the rootio-glibc package is patched. The Debian-backed records indicate multiple fixed versions are available; the initial description notes a threat involving re-mapping a loaded ELF via two files and ldd, but upstream ...
CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...
CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...
CVE-2019-1010024
CVE-2019-1010024 affects GNU Libc (glibc). The description in the initial document states a mitigation bypass with the impact that an attacker may bypass ASLR by leveraging the cache of thread stack and heap. Upstream and some vendor notes indicate this is treated as a non-security bug and not a ...
CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...
CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...
CVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...
CVE-2019-1010022
CVE-2019-1010022: GNU Libc nptl has a stack guard bypass via a stack-buffer vulnerability. The description notes attackers could bypass stack guard protections by exploiting a stack overflow in the attack vector, with upstream comments claiming this is treated as a non-security bug and “no real t...
CVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...
CVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...
PT-2019-11439
Name of the Vulnerable Software and Affected Versions: GNU Libc affected versions not specified Description: The issue is related to a mitigation bypass in the nptl component, allowing an attacker to bypass stack guard protection. This can be exploited by using a stack buffer overflow vulnerabili...
Glibc DNS Resolver Vulnerability
A vulnerability in the GNU libc glibc DNS resolver allows remote code execution CVE-2015-7547. However, this issue can be exploited only from a DNS server that is under the control of an attacker. Ref 91886. This glibc issue is only exploitable by an attacker controlling the DNS server configured...
UBUNTU-CVE-2015-8982
Integer overflow in the strxfrm function in the GNU C Library aka glibc or libc6 before 2.21 allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow...
DEBIAN-CVE-2015-1781
Buffer overflow in the gethostbynamer and other unspecified NSS functions in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer...
UBUNTU-CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root
!/bin/sh Exploit Title: GNU libc /tmp/libxpl.c /dev/null cat /tmp/libxpl.so /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LDAUDIT="libxpl.so" ping...
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
!/bin/sh Exploit Title: GNU libc /tmp/libxpl.c /dev/null cat /tmp/libxpl.so /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LDAUDIT="libxpl.so" ping...
GNU libc/regcomp(3) Multiple Vulnerabilities
No description provided by source. source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.:...
Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
No description provided by source. Source: http://securityreason.com/securityalert/7822 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob3 resource exhaustion +0day remote ftpd-anon Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/...