EUVD-2000-0946

Malware in sbrugna...

Code injection

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...

CVE-2011-4060

The CVE-2011-4060 issue affects QNX Neutrino RTOS 6.5.0 before Service Pack 1, where the runtime linker does not properly clear LD_DEBUG_OUTPUT and LD_DEBUG environment variables when spawning a program from a setuid context. This allows local users to manipulate file system state via a symlink a...

Medium severity flaw in QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...

QNX Neutrino RTOS privilege escalation

It's possible to overwrite files via LDDEBUGOUTPUT for suid applications...

Debian glibc 2 symlink issue could allow arbitrary file overwriting

Overview Some versions of ld.so, the loader for shared libraries in UNIX/LINUX, do not properly clear risky environment variables, allowing a symlink attack to overwrite arbitrary files. Description LDDEBUGOUTPUT specifies a directory in which ld.so creates a file with a predictable name based on...

ld.so bug - LD_DEBUG_OUTPUT follows symlinks

Hi, ld.so from glibc2 doesn't unset variables LDDEBUGOUTPUT and LDDEBUG when running suid. If program calls setuid0 and then fork, child process will follow prepared symlink $LDDEBUGOUTPUT.$pid and overwrites any file in system. Jakub Vlasek...