137 matches found
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...
[SA19531] OpenVPN LD_PRELOAD Environment Variable Pushing Vulnerability
TITLE: OpenVPN LDPRELOAD Environment Variable Pushing Vulnerability SECUNIA ADVISORY ID: SA19531 VERIFY ADVISORY: http://secunia.com/advisories/19531/ CRITICAL: Less critical IMPACT: System access WHERE: From remote SOFTWARE: OpenVPN 2.x http://secunia.com/product/5568/ DESCRIPTION: Hendrik Weime...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...
scponly -- local privilege escalation exploits
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed regular non-scponly users have interactive shell access to the box a user executable...
CVE-2005-3346
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...
CVE-2005-3346
CVE-2005-3346 affects osh (OSHevironment) 1.7-14, where a buffer overflow in the environment variable substitution code (main.c) can be triggered by pathname args like "$VAR/EVAR=arg". This allows a local attacker to inject arbitrary environment variables (e.g., LD_PRELOAD) and, per Debian's advi...
Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation
/ $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long...
Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege Escalation
Solaris 2.6789 SPARC - ld.so.1 Local Privilege Escalation / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 throug...
Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
Exploit for solaris platform in category local exploits ====================================================== Solaris 2.6/7/8/9 ld.so.1 Local Root Exploit sparc ====================================================== / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload....
Debian DSA-039-1 : glibc
The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems : - It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create and overwrite files which a user should not be...
CVE-2002-1472
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LDPRELOAD environment variable that points to a malicious module...
CVE-2002-1472
CVE-2002-1472 describes an untrusted search path vulnerability in XFree86’s libX11.so used by setuid/setgid programs. A local attacker can leverage a modified LD_PRELOAD to point to a malicious module and gain root privileges; impact is local privilege escalation. The vulnerability is associated ...
CVE-2003-0609
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LDPRELOAD environment variable...