Lucene search
K

137 matches found

Cvelist
Cvelist
added 2003/08/01 4:0 a.m.27 views

CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LDPRELOAD environment variable...

6.9AI score0.03523EPSS
Exploits5References6
securityvulns
securityvulns
added 2003/07/30 12:0 a.m.31 views

Sun Solaris Runtime Linker buffer overflow

Buffer overflow on LDPRELOAD environment variable parsing...

6.1AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2003/07/30 12:0 a.m.48 views

iDEFENSE Security Advisory 07.29.03: Buffer Overflow in Sun Solaris Runtime Linker

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 07.29.03: http://www.idefense.com/advisory/07.29.03.txt Buffer Overflow in Sun Solaris Runtime Linker July 29, 2003 I. BACKGROUND The Solaris runtime linker, ld.so.11, processes dynamic executables and shared objects at...

7.2CVSS0.03523EPSS
Exploits5
securityvulns
securityvulns
added 2003/07/30 12:0 a.m.35 views

Solaris ld.so.1 buffer overflow

OVERVIEW ======== There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID programs...

0.4AI score
Exploits0
NVD
NVD
added 2003/03/03 5:0 a.m.20 views

CVE-2002-1472

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LDPRELOAD environment variable that points to a malicious module...

7.2CVSS6.5AI score0.00369EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2001/12/09 12:0 a.m.49 views

UseLogin.txt

-- OpenSSH UseLogin bug proof of concept exploit -- by WaR / http://www.genhex.org -- Intro -- I was very curious in finding out how to exploit this problem. Although I don't think anyone uses this feature, I looked into the matter anyway. Here it goes. It was tested on the following platforms: -...

7.4AI score
Exploits0
CERT
CERT
added 2001/05/17 12:0 a.m.53 views

ld.so fails to unset LD_PRELOAD before executing suid root programs

Overview ld.so fails to unset LDPRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LDPRELOAD before loading suid root programs for...

7.2CVSS6.9AI score0.01232EPSS
Exploits1References1
CERT
CERT
added 2001/05/14 12:0 a.m.30 views

glibc does not check SUID bit on libraries in /etc/ld.so.cache

Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LDPRELOAD environment variable,...

2.1CVSS5.8AI score0.00861EPSS
Exploits0References10
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.30 views

CVE-2001-0169

When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...

6.3AI score0.00861EPSS
Exploits0References9
CVE
CVE
added 2001/05/07 4:0 a.m.94 views

CVE-2001-0169

CVE-2001-0169 : The GNU C Library (glibc) fails to verify that libraries loaded via LD_PRELOAD into SUID/SGID processes are also non-SUID/non-SGID when they come from /etc/ld.so.cache, enabling a local user to pre-load a library from /lib or /usr/lib and overwrite privileged files. Documented in ...

2.1CVSS6.3AI score0.00861EPSS
Exploits0References9Affected Software5
NVD
NVD
added 2001/03/26 5:0 a.m.24 views

CVE-2001-0169

When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...

2.1CVSS6.3AI score0.00861EPSS
Exploits0References9
Debian
Debian
added 2001/03/08 5:46 p.m.12 views

[SECURITY] [DSA-039-1] glibc local file overwrite problems

Package : glibc Problem type : local file overwrite Debian-specific: no The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems: It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This...

6AI score
Exploits0
0day.today
0day.today
added 2001/03/04 12:0 a.m.23 views

GLIBC 2.1.3 ld_preload Local Exploit

Exploit for linux platform in category local exploits ==================================== GLIBC 2.1.3 ldpreload Local Exploit ==================================== !/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2001/03/04 12:0 a.m.12 views

GLIBC 2.1.3 - LD_PRELOAD Local Privilege Escalation

GLIBC 2.1.3 - LDPRELOAD Local Privilege Escalation !/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LDPRELOAD libSegFault.so setenv SEGFAULTOUTPUTNAME...

1.3AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/04 12:0 a.m.39 views

GLIBC 2.1.3 - 'LD_PRELOAD' Local Privilege Escalation

!/bin/tcsh przyklad wykorzystania dziury w LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LDPRELOAD libSegFault.so setenv SEGFAULTOUTPUTNAME /etc/initscript echo czekaj... to moze chwile potrwac... whi...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/09/26 12:0 a.m.25 views

Проблема с ld.so из glibc

Переменная окружения LDPRELOAD используется для поиска динамических библиотек. При вызове suid/sgid программы эта переменная сбрасывается, но не сбрасывается, когда suid/sgid вызывает другое приложение, что позволяет подсунуть пользовательскую библиотеку...

0.5AI score
Exploits0References3Affected Software3
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.35 views

processdump.txt

Date: Tue, 15 Sep 1998 12:36:22 +0800 From: David Luyer Subject: Dump a mode --x--x--x binary on Linux 2.0.x The following file can be LDPRELOAD'ed against a mode 111 --x--x--x binary on Linux 2.0.x. It will dump the binary to a series of process-dump-... files in the current directory. The...

0.2AI score
Exploits0
Rows per page
Query Builder