Lucene search
+L

105 matches found

OSV
OSV
added 2011/01/07 7:0 p.m.3 views

DEBIAN-CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS9AI score0.08747EPSS
Exploits20References1
Prion
Prion
added 2011/01/07 7:0 p.m.28 views

Design/Logic Flaw

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

7.2CVSS6.8AI score0.09454EPSS
Exploits24References24Affected Software1
Prion
Prion
added 2011/01/07 7:0 p.m.36 views

Directory traversal

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS7AI score0.08747EPSS
Exploits20References21Affected Software1
Debian CVE
Debian CVE
added 2011/01/07 6:0 p.m.40 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS9.2AI score0.08747EPSS
Exploits20
Cvelist
Cvelist
added 2011/01/07 6:0 p.m.44 views

CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

8.9AI score0.09454EPSS
Exploits24References24
Cvelist
Cvelist
added 2011/01/07 6:0 p.m.28 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

8.9AI score0.08747EPSS
Exploits20References21
UbuntuCve
UbuntuCve
added 2010/10/22 12:0 a.m.40 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS7.2AI score0.08747EPSS
Exploits20References2
NVD
NVD
added 2010/06/01 8:30 p.m.23 views

CVE-2010-0830

Integer signedness error in the elfgetdynamicinfo function in elf/dynamic-link.h in ld.so in the GNU C Library aka glibc or libc6 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value...

5.1CVSS9.2AI score0.04514EPSS
Exploits0References14
CVE
CVE
added 2010/06/01 8:0 p.m.95 views

CVE-2010-0830

CVE-2010-0830 describes an integer signedness error in the GNU C Library’s dynamic linker component ld.so, specifically in elf_get_dynamic_info. The vulnerability affects glibc versions 2.0.1 through 2.11.1, and is triggered when using the --verify option. A crafted ELF binary with a negative d_t...

5.1CVSS8.4AI score0.04514EPSS
Exploits0References14Affected Software1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.28 views

Gentoo Security Advisory GLSA 200707-04 (glibc)

The remote host is missing updates announced in advisory GLSA 200707-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.2CVSS0.8AI score0.00454EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.16 views

Gentoo Security Advisory GLSA 200707-04 (glibc)

The remote host is missing updates announced in advisory GLSA 200707-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.1AI score0.00454EPSS
Exploits0References2
seebug.org
seebug.org
added 2008/07/16 12:0 a.m.14 views

Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)

No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/04 12:0 a.m.39 views

GNU C integer overflow

Integer overflow in ld.so dynamic loader...

7.2CVSS3.5AI score0.00454EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.23 views

Solaris 10 (sparc) : 124922-03

SunOS 5.10: ld.so.1 patch. Date this patch was last updated by Sun : Apr/09/07 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if ! definedfunc"bnrandom"...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.19 views

Solaris 10 (x86) : 124923-03

SunOS 5.10x86: ld.so.1 patch. Date this patch was last updated by Sun : Apr/09/07 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if ! definedfunc"bnrando...

7AI score
Exploits0References1
securityvulns
securityvulns
added 2006/12/14 12:0 a.m.42 views

Multiple Sun Solaris vulnerabilities

Buffer overflow in ld.so doprf, directory traversal on parsing different environment variables in ld.so...

5.3AI score
Exploits0References2Affected Software1
NVD
NVD
added 2006/12/13 1:28 a.m.19 views

CVE-2006-6495

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in...

6.6CVSS7.6AI score0.00421EPSS
Exploits0References10
NVD
NVD
added 2006/12/13 1:28 a.m.20 views

CVE-2006-6494

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. dot dot sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers...

6.6CVSS7.1AI score0.00432EPSS
Exploits0References8
CVE
CVE
added 2006/12/13 1:0 a.m.53 views

CVE-2006-6495

CVE-2006-6495 describes a stack-based buffer overflow in ld.so.1 on Sun Solaris 8/9/10. An attacker can trigger arbitrary code execution via large precision padding values in a format string specifier passed to the doprf function, resulting in local code execution. The issue generally does not cr...

6.6CVSS7.6AI score0.00421EPSS
Exploits0References10Affected Software2
seebug.org
seebug.org
added 2006/12/13 12:0 a.m.12 views

Sun Solaris ld.so多个本地安全漏洞

Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris的ld.so程序库实现上存在多个安全漏洞,本地攻击者可能利用这些漏洞提升自己的权限。 ld.so程序库对LANG环境变量值没有做充分的检查过滤即做为创建文件路径的一部分,本地攻击者可以在变量值中插入“../”目录遍历串,从而在系统上的任意位置创建文件。 ld.so程序库的doprf函数实现上存在一个栈溢出漏洞,本地攻击者可以利用此漏洞通过运行一个setuid程序来提升权限。 Sun Solaris 9.0 Sun Solaris 8.0 Sun Solaris 10.0 Sun Solaris 8.0 x8...

7.1AI score
Exploits0
Rows per page
Query Builder