137 matches found
Jynx Kit (LD_PRELOAD) Userland Rootkit Released
Jynx Kit LDPRELOAD Userland Rootkit Released Jynx Kit is a LDPRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell based on SEQ/ACK numbers in a single packet. Solid building block for further LDPRELOAD rootkits...
Jynx Kit (LD_PRELOAD) Userland Rootkit Released
Jynx Kit LDPRELOAD Userland Rootkit Released Jynx Kit is a LDPRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell based on SEQ/ACK numbers in a single packet. Solid building block for further LDPRELOAD rootkits...
Design/Logic Flaw
ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...
CVE-2011-1658
ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...
CVE-2011-1658
CVE-2011-1658 affects the GNU C Library (glibc) ld.so: when RPATH consists entirely of the special token $ORIGIN, it can enable local privilege escalation by linking a crafted LD_PRELOAD with a setuid/setgid program. Affected are glibc versions 2.13 and earlier. The root cause is expansion of the...
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...
GNU C library dynamic linker $ORIGIN expansion Vulnerability
Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
Design/Logic Flaw
The rtld function in the Run-Time Link-Editor rtld in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LDPRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LDPRELOAD variable containing an...
CVE-2009-4146
The rtld function in the Run-Time Link-Editor rtld in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LDPRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LDPRELOAD variable containing an...
CVE-2009-4146
The rtld function in the Run-Time Link-Editor rtld in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LDPRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LDPRELOAD variable containing an...
CVE-2009-4146
The CVE-2009-4146 entry concerns FreeBSD's run-time linker (rtld) in libexec/rtld-elf/rtld.c. The underlying issue is that rtld's unsetenv logic does not clear LD_PRELOAD when __findenv() fails, enabling a local user to influence library loading via a modified LD_PRELOAD path and gain privileges ...
FreeBSD Run-Time Link-Editor Local r00t Zeroday
No description provided by source. Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievable simple local r00t bug in recent FreeBSD versions. I audited FreeBSD for...
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor RTLD - Local Privilege Escalation Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievable simple local r00t bug in recent FreeBSD...
FreeBSD Run-Time Link-Editor Local r00t Zeroday
Exploit for unknown platform in category local exploits =============================================== FreeBSD Run-Time Link-Editor Local r00t Zeroday =============================================== Title: FreeBSD Run-Time Link-Editor Local r00t Zeroday CVE-ID: OSVDB-ID: Author: Kingcope...
Ordinary users by udev vulnerability to elevate to root permissions demo-vulnerability warning-the black bar safety net
Recently exposed by the udev permissions hint of vulnerability, as long as with normal user permissions, you can elevate to root privileges, the experiment a handful, really easy to upgrade. Put the following code saved as test. sh file !/ bin/sh Linux 2.6 bug found by Sebastian Krahmer lame splo...
CVE-2009-0641
systerm.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...
CVE-2009-0641
systerm.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...