22 matches found

The Hacker News
added 2025/05/31 10:19 a.m. | 51 views

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs...

CVSS 4.7 | AI score 5.5 | EPSS 0.00112
Exploits: 3

Metasploit
added 2023/02/01 7:50 p.m. | 275 views

io_uring Same Type Object Reuse Priv Esc

This module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. We spawn SUID programs to get the free'd cred object reallocated by a privileged process and abuse them to create a SUID root binary ourselves that'll pop a shell...

CVSS 8.8 | AI score 7.9 | EPSS 0.18512
Exploits: 4

seebug.org
added 2014/07/01 12:0 a.m. | 41 views

Libc locale exploit (1)

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

RedHat 6 glibc/locale Subsystem Format String

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 23 views

Libc locale exploit (2)

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 7.1
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. | 17 views

Debian Security Advisory DSA 039-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 039-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 2.1 | AI score 7.1 | EPSS 0.00142
Exploits: 0 | References: 1

Tenable Nessus
added 2007/07/04 12:0 a.m. | 21 views

GLSA-200707-04 : GNU C Library: Integer overflow

The remote host is affected by the vulnerability described in GLSA-200707-04 GNU C Library: Integer overflow Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population...

CVSS 7.2 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 2

securityvulns
added 2006/01/05 12:0 a.m. | 20 views

[SA18296] OpenBSD suid Programs File Re-Opening Vulnerability

TITLE: OpenBSD suid Programs File Re-Opening Vulnerability SECUNIA ADVISORY ID: SA18296 VERIFY ADVISORY: http://secunia.com/advisories/18296/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: OpenBSD 3.x http://secunia.com/product/100/ DESCRIPTION: A...

AI score 0.1
Exploits: 0

Tenable Nessus
added 2004/09/29 12:0 a.m. | 27 views

Debian DSA-039-1 : glibc

The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems : - It was possible to use LD_PRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create and overwrite files which a user should not be...

CVSS 2.1 | AI score 5.5 | EPSS 0.00142
Exploits: 0 | References: 2

securityvulns
added 2003/07/30 12:0 a.m. | 31 views

Solaris ld.so.1 buffer overflow

OVERVIEW ======== There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID programs...

AI score 0.4
Exploits: 0

securityvulns
added 2002/10/04 12:0 a.m. | 24 views

[CLA-2002:529] Conectiva Linux Security Announcement - XFree86

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : XFree86 SUMMARY : Local vulnerabilities DATE :...

AI score 0.2
Exploits: 0

securityvulns
added 2002/06/01 12:0 a.m. | 16 views

Multiple vulnerabilities in QNX

I think I found what appears to be several or one fundamental vulnerabilities under QNX (tested on version 4.25). I have not found any documentation/reference to these anywhere, so I assume they/it were not known. Importance of the bug: any local user can gain root access (which, under QNX, means root...

AI score 0.6
Exploits: 0

securityvulns
added 2002/03/29 12:0 a.m. | 35 views

A possible buffer overflow in libnewt

Hi! When I am debugging my little program which used libnewt, I found a possible buffer overflow in libnewt. libnewt is widely used by configuration program in redhat. Because there is no suid program use libnewt in my redhat 6.2 environment, it seems this bug can't be used to gain root. But if there...

AI score 0.9
Exploits: 0

securityvulns
added 2001/01/13 12:0 a.m. | 27 views

[RHSA-2001:001-05] glibc file read or write access local vulnerability

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: glibc file read or write access local vulnerability Advisory ID: RHSA-2001:001-05 Issue date: 2001-01-11 Updated on: 2001-01-11 Product: Red Hat Linux Keywords: glibc...

AI score 6.6
Exploits: 0

Exploit DB
added 2000/11/02 12:0 a.m. | 40 views

Solaris 2.6/7.0 /locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

AI score 7
Exploits: 0

exploitpack
added 2000/09/04 12:0 a.m. | 28 views

Libc locale - Local Privilege Escalation (2)

Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 0.7
Exploits: 0

exploitpack
added 2000/09/04 12:0 a.m. | 45 views

Libc locale - Local Privilege Escalation (1)

Libc locale - Local Privilege Escalation 1 / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 0.7
Exploits: 0

exploitpack
added 2000/09/04 12:0 a.m. | 23 views

Immunix OS 6.2 - LC glibc format string

Immunix OS 6.2 - LC glibc format string / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

AI score 0.5
Exploits: 0

Packet Storm
added 1999/09/28 12:0 a.m. | 35 views

linux_GNOME_exploit.txt

Greetings, Virtually any program using the GNOME libraries is vulnerable to a buffer overflow attack. The attack comes in the form: /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer The following exploit should work against any GNOME program, though I tried it on the irony...

AI score 7.4
Exploits: 0

Packet Storm
added 1999/08/17 12:0 a.m. | 35 views

midnight-commander-tty.txt

Date: Sun, 6 Sep 1998 00:53:24 +0200 From: Michal Zalewski To: [email protected] Subject: Sendmail, lynx, Netscape, sshd, Linux kernel twice More kernel 'things' - tty allocation ------------------------------------- Hmm, I've posted it months ago, and I have no idea why it hasn't been approve...

AI score 7.4
Exploits: 0