3209 matches found
glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
GNU C library dynamic linker $ORIGIN expansion Vulnerability
Exploit for linux platform in category local exploits ============================================================ GNU C library dynamic linker $ORIGIN expansion Vulnerability ============================================================ The GNU C library dynamic linker expands $ORIGIN in setuid...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation
FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation / source: https://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / defi...
linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes
Exploit for linux/x86 platform in category shellcode ====================================================================== linux/x86 setuid0 and dd of=/dev/sda if=/dev/zero shellcode 74 bytes ====================================================================== / Title : Linux x86 shellcode...
CentOS 4 : rpm (CESA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
CentOS Update for popt CESA-2010:0678 centos4 i386
Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0678 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for popt CESA-2010:0678 centos4 i386
Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0678 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for rpm RHSA-2010:0678-01
Check for the Version of rpm OpenVAS Vulnerability Test RedHat Update for rpm RHSA-2010:0678-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
popt, rpm security update
CentOS Errata and Security Advisory CESA-2010:0678 Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
RHEL 4 : rpm (RHSA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
RHEL 5 : rpm (RHSA-2010:0679)
Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
Moderate: Red Hat Security Advisory: rpm security and bug fix update
Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
rpm: fails to drop SUID/SGID bits on package upgrade
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...
rpm: fails to drop SUID/SGID bits on package removal
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...
Moderate: Red Hat Security Advisory: rpm security update
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
Zysploit
Takes advantage of a setuid vulnerability few details available...
linux/x86 setuid(0) && execve(/bin/sh,0,0) 27 bytes
Exploit for linux/x86 platform in category shellcode ============================================================= linux/x86 setuid0 && execve/bin/sh,0,0 shellcode 27 bytes ============================================================= Special Thanks Inj3ct0r Exploit DataBase I Love Inj3ct0r.Com...
linux/x86 setuid(0) && execve(/usr/sbin/pwunconv,0,0) 42 bytes
Exploit for linux/x86 platform in category shellcode ======================================================================== linux/x86 setuid0 && execve/usr/sbin/pwunconv,0,0 shellcode 42 bytes ======================================================================== Special Thanks Inj3ct0r Explo...