21 matches found
FreeBSD rtld execl elevation of privilege vulnerability (CNVD-2019-15522)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. An elevation of privilege vulnerability exists in the rtld function of Run-Time Link-Editor rtld in libexec/rtld-elf/rtld.c in FreeBSD versions 7.1 and 8.0. The vulnerability stems from a lack of effective...
FreeBSD rtld execl elevation of privilege vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. An elevation of privilege vulnerability exists in FreeBSD versions 7.1, 7.2, and 8.0. The vulnerability stems from a lack of effective permission and access control measures in a network system or product. An attacker ca...
FreeBSD rtld execl() Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv function fails to remove LD_* environment variables if __findenv fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. This module...
FreeBSD rtld execl() Privilege Escalation
This module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv function fails to remove LD_* environment variables if __findenv fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. This module has been...
FreeBSD : FreeBSD -- Improper environment sanitization in rtld(1) (ad08d14b-ca3d-11df-aade-0050568f000c)
When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing. %NASL_MIN_LEVEL 70300 (C) Tenable Network...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path. Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc ADV FreeBSD-SA-09:16.rtld.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:16.rtld.asc Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
FreeBSD-SA-09:16.rtld Security Advisory The FreeBSD Project Topic: Improper environment sanitization in rtld(1) Category: core Module: rtld Announced: 2009-12-03 Affects:...
FreeBSD -- Improper environment sanitization in rtld(1)
Problem Description: When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing...
CVE-2009-4147
The rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgu...
CVE-2009-4147
CVE-2009-4147 affects FreeBSD rtld (libexec/rtld-elf/rtld.c) on FreeBSD 7.1, 7.2 and 8.0. The rtld function fails to clear LD_* environment variables, allowing a local user to exploit a modified search path to load a Trojan library and escalate privileges (e.g., through setuid/setgid programs). R...
CVE-2009-4147
The rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgu...
Design/Logic Flaw
The rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an...
CVE-2009-4146
The CVE-2009-4146 entry concerns FreeBSD's run-time linker (rtld) in libexec/rtld-elf/rtld.c. The underlying issue is that rtld's unsetenv logic does not clear LD_PRELOAD when __findenv() fails, enabling a local user to influence library loading via a modified LD_PRELOAD path and gain privileges ...
CVE-2009-4146
The rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an...
FreeBSD rtld Local Root Exploit
FreeBSD local r00t 0day Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievably simple local r00t bug in recent FreeBSD versions. I audited FreeBSD for local r00t...
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievably simple local r00t bug in recent FreeBSD...
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievably simple local r00t bug in recent FreeBSD versions. I audited FreeBSD for local r00t bugs a long time sigh. N...
FreeBSD Run-Time Link-Editor Local r00t Zeroday
No description provided by source. Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievably simple local r00t bug in recent FreeBSD versions. I audited FreeBSD for...