Lucene search
K

57 matches found

securityvulns
securityvulns
added 2010/10/26 12:0 a.m.87 views

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...

7.2CVSS9AI score0.09454EPSS
Exploits35
securityvulns
securityvulns
added 2010/10/24 12:0 a.m.101 views

The GNU C library dynamic linker expands $ORIGIN in setuid library search path

The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...

7.2CVSS10AI score0.08747EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2010/10/24 12:0 a.m.43 views

Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : glibc, eglibc vulnerabilities (USN-1009-1)

Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LDAUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. CVE-2010-3847, CVE-2010-3856. Note that Tenable Network Security has extracted the preceding...

7.2CVSS6AI score0.09454EPSS
Exploits35References4
Tenable Nessus
Tenable Nessus
added 2010/10/24 12:0 a.m.46 views

Debian DSA-2122-1 : glibc - missing input sanitization

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

7.2CVSS8AI score0.09454EPSS
Exploits35References4
0day.today
0day.today
added 2010/10/23 12:0 a.m.46 views

GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability

Exploit for linux platform in category local exploits ====================================================================== GNU C library dynamic linker LDAUDIT arbitrary DSO load Vulnerability ====================================================================== The GNU C library dynamic linke...

6.8AI score0.09454EPSS
Exploits35
Debian
Debian
added 2010/10/22 5:5 p.m.74 views

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...

7.2CVSS8.1AI score0.09454EPSS
Exploits35
OpenVAS
OpenVAS
added 2010/10/22 12:0 a.m.27 views

RedHat Update for glibc RHSA-2010:0787-01

Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2010:0787-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

6.9CVSS9AI score0.08747EPSS
Exploits20References2
UbuntuCve
UbuntuCve
added 2010/10/22 12:0 a.m.52 views

CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

7.2CVSS7.1AI score0.09454EPSS
Exploits24References2
exploitpack
exploitpack
added 2010/10/22 12:0 a.m.74 views

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

GNU C Library 2.x libc6 - Dynamic Linker LDAUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...

7.2CVSS1AI score0.09454EPSS
Exploits35
Exploit DB
Exploit DB
added 2010/10/22 12:0 a.m.86 views

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...

7.2CVSS8.2AI score0.09454EPSS
Exploits24
RedHat Linux
RedHat Linux
added 2010/10/20 11:26 p.m.42 views

Important: Red Hat Security Advisory: glibc security update

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.9CVSS7.3AI score0.08747EPSS
Exploits20References2
0day.today
0day.today
added 2010/10/19 12:0 a.m.68 views

GNU C library dynamic linker $ORIGIN expansion Vulnerability

Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...

6.8AI score0.08747EPSS
Exploits22
exploitpack
exploitpack
added 2010/10/18 12:0 a.m.91 views

GNU C library dynamic linker - $ORIGIN Expansion

GNU C library dynamic linker - $ORIGIN Expansion from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is...

7.2CVSS0.7AI score0.08747EPSS
Exploits22
Exploit DB
Exploit DB
added 2010/10/18 12:0 a.m.101 views

GNU C library dynamic linker - '$ORIGIN' Expansion

from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...

6.9CVSS9.1AI score0.08747EPSS
Exploits20
Cvelist
Cvelist
added 2005/06/29 4:0 a.m.27 views

CVE-2005-2072

The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...

6.7AI score0.00998EPSS
Exploits1References9
CVE
CVE
added 2005/06/29 4:0 a.m.63 views

CVE-2005-2072

CVE-2005-2072 affects the runtime linker (ld.so) in Solaris 8, 9, and 10, where LD_AUDIT in setuid/setgid contexts can be abused to gain privileges (including by using a long LD_AUDIT value). Connected advisories list vendor patches addressing this: Solaris 8/9/10 patches 109147-44, 109148-42, 11...

7.2CVSS6.7AI score0.00998EPSS
Exploits1References9Affected Software2
securityvulns
securityvulns
added 2005/06/28 12:0 a.m.31 views

Re: [Full-disclosure] Solaris 9/10 ld.so fun

Przemyslaw Frasunek wrote: ld.so from Solaris 9 and 10 doesn't check LDAUDIT environment variable when running sugid binaries, allowing to run arbitrary code with elevated privileges. Well, I can't belive, that such trivial vulnerability exists in modern OS... ... Oh, well, it's not the end of fu...

7.4AI score
Exploits0
Rows per page
Query Builder