47 matches found
glibc 安全特征问题漏洞
glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc, which stems from the fact that application build-time regular expressions may not correctly detect the runtime linker, and the application's pattern detection may fail to detect...
PT-2022-13668 · Fapolicyd +4 · Fapolicyd +4
Name of the Vulnerable Software and Affected Versions: fapolicyd affected versions not specified Description: A vulnerability was found due to an assumption on how glibc names the runtime linker. A build time regular expression may not correctly detect the runtime linker, causing pattern detectio...
PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit
Exploit for linux platform in category local exploits !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for...
Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation
Linux Kernel PonyOS 4.0 - fluttershy LDLIBRARYPATH Local Privilege Escalation !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...
IBM AIX privilege escalation
Privilege escalation via runtime linker...
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX CVE: CVE-2014-3074 Vendor: IBM Product: AIX Affected version: AIX 6.1 and 7.1 and VIOS 2.2. Reported by: Tim Brown Details: It has been identified that the runtime linker allows privilege escalati...
AIX 7.1 TL 3 : malloc (IV62808)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 9 : malloc (IV62805)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program...
Design/Logic Flaw
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program...
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program...
CVE-2014-3074
The CVE-2014-3074 incident affects IBM AIX 6.1/7.1 (and VIOS 2.2.x) where the runtime linker allows local privilege escalation by manipulating MALLOCOPTIONS/MALLOCBUCKETS and then running a setuid program to create a root-owned 666 file. The root cause is in the malloc subsystem used by the AIX r...
AIX 7.1 TL 3 : malloc (IV60940)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
CVE-2011-4060
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...
Medium severity flaw in QNX Neutrino RTOS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...
Izik : Reverse Engineering with LD_PRELOAD
July, 06 2005г.| Izik Reverse Engineering with LDPRELOAD This paper is about the LDPRELOAD feature, and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow. Compiling Methods...
CVE-2005-2072
The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...
CVE-2005-2072
The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...
CVE-2005-2072
CVE-2005-2072 affects the runtime linker (ld.so) in Solaris 8, 9, and 10, where LD_AUDIT in setuid/setgid contexts can be abused to gain privileges (including by using a long LD_AUDIT value). Connected advisories list vendor patches addressing this: Solaris 8/9/10 patches 109147-44, 109148-42, 11...
Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege Escalation
Solaris 2.6789 SPARC - ld.so.1 Local Privilege Escalation / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 throug...