105 matches found
DEBIAN-CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
Design/Logic Flaw
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
Directory traversal
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
CVE-2010-3856
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
CVE-2010-0830
Integer signedness error in the elfgetdynamicinfo function in elf/dynamic-link.h in ld.so in the GNU C Library aka glibc or libc6 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value...
CVE-2010-0830
CVE-2010-0830 describes an integer signedness error in the GNU C Library’s dynamic linker component ld.so, specifically in elf_get_dynamic_info. The vulnerability affects glibc versions 2.0.1 through 2.11.1, and is triggered when using the --verify option. A crafted ELF binary with a negative d_t...
Gentoo Security Advisory GLSA 200707-04 (glibc)
The remote host is missing updates announced in advisory GLSA 200707-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200707-04 (glibc)
The remote host is missing updates announced in advisory GLSA 200707-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)
No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...
GNU C integer overflow
Integer overflow in ld.so dynamic loader...
Solaris 10 (sparc) : 124922-03
SunOS 5.10: ld.so.1 patch. Date this patch was last updated by Sun : Apr/09/07 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if ! definedfunc"bnrandom"...
Solaris 10 (x86) : 124923-03
SunOS 5.10x86: ld.so.1 patch. Date this patch was last updated by Sun : Apr/09/07 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if ! definedfunc"bnrando...
Multiple Sun Solaris vulnerabilities
Buffer overflow in ld.so doprf, directory traversal on parsing different environment variables in ld.so...
CVE-2006-6495
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in...
CVE-2006-6494
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. dot dot sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers...
CVE-2006-6495
CVE-2006-6495 describes a stack-based buffer overflow in ld.so.1 on Sun Solaris 8/9/10. An attacker can trigger arbitrary code execution via large precision padding values in a format string specifier passed to the doprf function, resulting in local code execution. The issue generally does not cr...
Sun Solaris ld.so多个本地安全漏洞
Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris的ld.so程序库实现上存在多个安全漏洞,本地攻击者可能利用这些漏洞提升自己的权限。 ld.so程序库对LANG环境变量值没有做充分的检查过滤即做为创建文件路径的一部分,本地攻击者可以在变量值中插入“../”目录遍历串,从而在系统上的任意位置创建文件。 ld.so程序库的doprf函数实现上存在一个栈溢出漏洞,本地攻击者可以利用此漏洞通过运行一个setuid程序来提升权限。 Sun Solaris 9.0 Sun Solaris 8.0 Sun Solaris 10.0 Sun Solaris 8.0 x8...