glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

IBM OmniFind Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits =============================================== IBM OmniFind Privilege Escalation Vulnerability =============================================== Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the application...

Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)

Multiple vulnerabilities were discovered and corrected in mysql : - Joins involving a table with with a unique SET column could cause a server crash CVE-2010-3677. - Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash CVE-2010-3680. - The server could crash if there we...

Google Chrome multiple vulnerabilities - October 10(Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnoct10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - October 10Linux Authors: Madhuri D Copyright: Copyright c 2010 Greenbone...

BloofoxCMS 0.3.5 SQL Injection

Vulnerability ID: HTB22658 Reference: http://www.htbridge.ch/advisory/sqlinjectioninbloofoxcmsregistrationplugin.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: SQL...

BloofoxCMS Registration Plugin SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================================== BloofoxCMS Registration Plugin SQL Injection Vulnerability ========================================================== Reference:...

BloofoxCMS Registration Plugin - SQL Injection

Vulnerability ID: HTB22658 Reference: http://www.htbridge.ch/advisory/sqlinjectioninbloofoxcmsregistrationplugin.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: SQL...

Ubuntu: Security Advisory (USN-1009-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1

Ubuntu Update for Linux kernel vulnerabilities USN-1009-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10091.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Debian DSA-2122-1 : glibc - missing input sanitization

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...

CVE-2010-4039

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors...

Path traversal

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors...

CVE-2010-4039

CVE-2010-4039 affects Google Chrome on Linux prior to 7.0.517.41 where the process fails to properly set the PATH environment variable. The description does not specify the exact impact or attack vectors; vulnerability details are limited to this PATH handling issue. Open-source/ANSI references i...

USN-997-1: Firefox and Xulrunner vulnerabilities

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...

Oracle Solaris su NULL Pointer

From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su' when creating new environme...

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 801142.prm...

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 5677.prm...

Microsoft Office Excel String Variable Code Execution (MS10-038; CVE-2010-1252)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The common extension used for Microsoft Excel documents is .xls or .xlw...