137 matches found
CVE-2003-0609
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LDPRELOAD environment variable...
Sun Solaris Runtime Linker buffer overflow
Buffer overflow on LDPRELOAD environment variable parsing...
iDEFENSE Security Advisory 07.29.03: Buffer Overflow in Sun Solaris Runtime Linker
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 07.29.03: http://www.idefense.com/advisory/07.29.03.txt Buffer Overflow in Sun Solaris Runtime Linker July 29, 2003 I. BACKGROUND The Solaris runtime linker, ld.so.11, processes dynamic executables and shared objects at...
Solaris ld.so.1 buffer overflow
OVERVIEW ======== There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID programs...
CVE-2002-1472
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LDPRELOAD environment variable that points to a malicious module...
UseLogin.txt
-- OpenSSH UseLogin bug proof of concept exploit -- by WaR / http://www.genhex.org -- Intro -- I was very curious in finding out how to exploit this problem. Although I don't think anyone uses this feature, I looked into the matter anyway. Here it goes. It was tested on the following platforms: -...
ld.so fails to unset LD_PRELOAD before executing suid root programs
Overview ld.so fails to unset LDPRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LDPRELOAD before loading suid root programs for...
glibc does not check SUID bit on libraries in /etc/ld.so.cache
Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LDPRELOAD environment variable,...
CVE-2001-0169
When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...
CVE-2001-0169
CVE-2001-0169 : The GNU C Library (glibc) fails to verify that libraries loaded via LD_PRELOAD into SUID/SGID processes are also non-SUID/non-SGID when they come from /etc/ld.so.cache, enabling a local user to pre-load a library from /lib or /usr/lib and overwrite privileged files. Documented in ...
CVE-2001-0169
When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...
[SECURITY] [DSA-039-1] glibc local file overwrite problems
Package : glibc Problem type : local file overwrite Debian-specific: no The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems: It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This...
GLIBC 2.1.3 ld_preload Local Exploit
Exploit for linux platform in category local exploits ==================================== GLIBC 2.1.3 ldpreload Local Exploit ==================================== !/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo...
GLIBC 2.1.3 - LD_PRELOAD Local Privilege Escalation
GLIBC 2.1.3 - LDPRELOAD Local Privilege Escalation !/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LDPRELOAD libSegFault.so setenv SEGFAULTOUTPUTNAME...
GLIBC 2.1.3 - 'LD_PRELOAD' Local Privilege Escalation
!/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LDPRELOAD libSegFault.so setenv SEGFAULTOUTPUTNAME /etc/initscript echo czekaj... to moze chwile potrwac... whi...
Проблема с ld.so из glibc
Переменная окружения LDPRELOAD используется для поиска динамических библиотек. При вызове suid/sgid программы эта переменная сбрасывается, но не сбрасывается, когда suid/sgid вызывает другое приложение, что позволяет подсунуть пользовательскую библиотеку...
processdump.txt
Date: Tue, 15 Sep 1998 12:36:22 +0800 From: David Luyer Subject: Dump a mode --x--x--x binary on Linux 2.0.x The following file can be LDPRELOAD'ed against a mode 111 --x--x--x binary on Linux 2.0.x. It will dump the binary to a series of process-dump-... files in the current directory. The...