57 matches found
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : glibc, eglibc vulnerabilities (USN-1009-1)
Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LDAUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. CVE-2010-3847, CVE-2010-3856. Note that Tenable Network Security has extracted the preceding...
Debian DSA-2122-1 : glibc - missing input sanitization
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
Exploit for linux platform in category local exploits ====================================================================== GNU C library dynamic linker LDAUDIT arbitrary DSO load Vulnerability ====================================================================== The GNU C library dynamic linke...
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...
RedHat Update for glibc RHSA-2010:0787-01
Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2010:0787-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CVE-2010-3856
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
GNU C Library 2.x libc6 - Dynamic Linker LDAUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...
Important: Red Hat Security Advisory: glibc security update
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
GNU C library dynamic linker $ORIGIN expansion Vulnerability
Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...
GNU C library dynamic linker - $ORIGIN Expansion
GNU C library dynamic linker - $ORIGIN Expansion from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
CVE-2005-2072
The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...
CVE-2005-2072
CVE-2005-2072 affects the runtime linker (ld.so) in Solaris 8, 9, and 10, where LD_AUDIT in setuid/setgid contexts can be abused to gain privileges (including by using a long LD_AUDIT value). Connected advisories list vendor patches addressing this: Solaris 8/9/10 patches 109147-44, 109148-42, 11...
Re: [Full-disclosure] Solaris 9/10 ld.so fun
Przemyslaw Frasunek wrote: ld.so from Solaris 9 and 10 doesn't check LDAUDIT environment variable when running sugid binaries, allowing to run arbitrary code with elevated privileges. Well, I can't belive, that such trivial vulnerability exists in modern OS... ... Oh, well, it's not the end of fu...