12 matches found
EUVD-2004-1449
Malware in sbrugna...
EUVD-2000-0946
Malware in sbrugna...
Code injection
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...
CVE-2011-4060
The CVE-2011-4060 issue affects QNX Neutrino RTOS 6.5.0 before Service Pack 1, where the runtime linker does not properly clear LD_DEBUG_OUTPUT and LD_DEBUG environment variables when spawning a program from a setuid context. This allows local users to manipulate file system state via a symlink a...
CVE-2011-4060
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...
Medium severity flaw in QNX Neutrino RTOS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...
CVE-2004-1453
CVE-2004-1453 affects the GNU C Library (glibc). The issue arises when LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK are not restricted for setuid programs, allowing a local attacker to obtain sensitive information (e.g., the program’s symbol list). This is a local information disclosure vulnerabil...
CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...
CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...
GLSA-200408-16 : glibc: Information leak with LD_DEBUG
The remote host is affected by the vulnerability described in GLSA-200408-16 glibc: Information leak with LDDEBUG Silvio Cesare discovered a potential information leak in glibc. It allows LDDEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be...
glibc LD_DEBUG privilege escalation
glibc allows LDDEBUG to be applied to suid binaries...
glibc: Information leak with LD_DEBUG
Background The GNU C library defines various Unix-like "system calls" and other basic facilities needed for a standard POSIX-like application to operate. Description Silvio Cesare discovered a potential information leak in glibc. It allows LDDEBUG on SUID binaries where it should not be allowed...