14 matches found
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...
Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control
CVE-2019-3980 CVE-2019-3980 exploit written in win32/c++ open...
Fedora 30 : clamav (2019-dcbfe89e39)
Drop [email protected] file bz1725810 ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service DoS vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved...
Searching statically-linked vulnerable library functions in executable code
Helping researchers find 0ld days Posted by Thomas Dullien, Project Zero Executive summary Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details ...
Qt Weekly #26: Protecting your application against hacking
Open-source applications are open by nature, intended and encouraged for tweaking, hacking and further development. For a business-critical application or a device there is sometimes a desire to make it closed and prevent modifications. Because of the dual licensing, Qt offers a commercial license...
wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that wa...
Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144)
Multiple security vulnerabilities have been identified and fixed in ghostscript : Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation CVE-2008-3520. Buffer...
Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
The binary of the presumably not widely used Windows software "Virtual Floppy Drive 2.1" http://chitchat.at.infoseek.co.jp/vmware/vfd.html ships with a vfd.dll that is statically linked against zlib 1.2.2 http://www.zlib.net/ which is vulnerable to CAN-2005-2096. A scan with ClamAV against the...
Trojan-static variation dynamic DLL Trojans big secret-vulnerability warning-the black bar safety net
Those who often play with Trojans will know some Trojan characteristics and will have their own favorite Trojan; however, many still don't know about the "DLL Trojan" that has risen in recent years. What is a "DLL Trojan"? How does it differ from ordinary Trojans? One, from the DLL...
Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation
/ $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suid_dumpable2 logrotate Copyright (c) 2006 Marco Ivaldi The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl Local Privilege Escalation / $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suid_dumpable2 logrotate Copyright (c) 2006 Marco Ivaldi The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4,...
Mandrake Linux Security Advisory : sash (MDKSA-2006:070)
Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core CVE-2005-2096. Markus Oberhumber discovered additional ways that a specially crafted compresse...
elfcd1.txt
!/bin/bash elfcd.sh warning: This code will crash your machine cat elfcd1.c / Linux binfmtelf core dump buffer overflow Copyright c 2005 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING, PRINTING,...
SUSE-SA:2003:0010: libmcrypt
The remote host is missing the patch for the advisory SUSE-SA:2003:0010 libmcrypt. Libmcrypt is a data encryption library that is able to load crypto-modules at run-time by using libltdl. Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very...