Lucene search
K

137 matches found

UbuntuCve
UbuntuCve
added 2006/04/06 10:4 p.m.27 views

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

9CVSS7.3AI score0.03021EPSS
Exploits0References1
NVD
NVD
added 2006/04/06 10:4 p.m.19 views

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

9CVSS7.4AI score0.03021EPSS
Exploits0References14
Cvelist
Cvelist
added 2006/04/06 10:0 p.m.28 views

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

7.3AI score0.03021EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2006/04/06 10:0 p.m.31 views

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

9CVSS7.4AI score0.03021EPSS
Exploits0
securityvulns
securityvulns
added 2006/04/06 12:0 a.m.43 views

[SA19531] OpenVPN LD_PRELOAD Environment Variable Pushing Vulnerability

TITLE: OpenVPN LDPRELOAD Environment Variable Pushing Vulnerability SECUNIA ADVISORY ID: SA19531 VERIFY ADVISORY: http://secunia.com/advisories/19531/ CRITICAL: Less critical IMPACT: System access WHERE: From remote SOFTWARE: OpenVPN 2.x http://secunia.com/product/5568/ DESCRIPTION: Hendrik Weime...

0.2AI score
Exploits0
FreeBSD
FreeBSD
added 2006/04/03 12:0 a.m.23 views

openvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...

9CVSS6.4AI score0.03021EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2005/12/28 1:3 a.m.20 views

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

7.2CVSS6.3AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2005/12/28 1:3 a.m.26 views

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

7.2CVSS7AI score0.00433EPSS
Exploits0References8
Cvelist
Cvelist
added 2005/12/28 1:0 a.m.26 views

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

6.9AI score0.00433EPSS
Exploits0References8
CVE
CVE
added 2005/12/28 1:0 a.m.47 views

CVE-2005-4532

CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...

7.2CVSS7AI score0.00433EPSS
Exploits0References8Affected Software1
FreeBSD
FreeBSD
added 2005/12/21 12:0 a.m.21 views

scponly -- local privilege escalation exploits

Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed regular non-scponly users have interactive shell access to the box a user executable...

2AI score
Exploits0References2
NVD
NVD
added 2005/11/20 9:3 p.m.33 views

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

7.2CVSS6.7AI score0.00847EPSS
Exploits0References9
CVE
CVE
added 2005/11/20 9:0 p.m.65 views

CVE-2005-3346

CVE-2005-3346 affects osh (OSHevironment) 1.7-14, where a buffer overflow in the environment variable substitution code (main.c) can be triggered by pathname args like "$VAR/EVAR=arg". This allows a local attacker to inject arbitrary environment variables (e.g., LD_PRELOAD) and, per Debian's advi...

7.2CVSS6.7AI score0.00847EPSS
Exploits0References9Affected Software1
Exploit DB
Exploit DB
added 2004/12/24 12:0 a.m.57 views

Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation

/ $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long...

7.2CVSS7AI score0.03523EPSS
Exploits5
exploitpack
exploitpack
added 2004/12/24 12:0 a.m.25 views

Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege Escalation

Solaris 2.6789 SPARC - ld.so.1 Local Privilege Escalation / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 throug...

7.2CVSS0.1AI score0.03523EPSS
Exploits5
0day.today
0day.today
added 2004/12/24 12:0 a.m.63 views

Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)

Exploit for solaris platform in category local exploits ====================================================== Solaris 2.6/7/8/9 ld.so.1 Local Root Exploit sparc ====================================================== / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload....

6.8AI score0.03523EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.27 views

Debian DSA-039-1 : glibc

The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems : - It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create and overwrite files which a user should not be...

2.1CVSS5.5AI score0.00861EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.24 views

CVE-2002-1472

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LDPRELOAD environment variable that points to a malicious module...

6.5AI score0.00369EPSS
Exploits1References7
CVE
CVE
added 2004/09/01 4:0 a.m.70 views

CVE-2002-1472

CVE-2002-1472 describes an untrusted search path vulnerability in XFree86’s libX11.so used by setuid/setgid programs. A local attacker can leverage a modified LD_PRELOAD to point to a malicious module and gain root privileges; impact is local privilege escalation. The vulnerability is associated ...

7.2CVSS6.5AI score0.00369EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2003/08/27 4:0 a.m.24 views

CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LDPRELOAD environment variable...

7.2CVSS6.9AI score0.03523EPSS
Exploits5References6
Rows per page
Query Builder