
CVE-2010-3856

Status Candidate

Overview

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Related Files

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
MD5 | a09f936638884fd22851a65866810bad
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation
Posted Mar 30, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker with the libmemusage.so library.

tags | exploit, root
systems | linux
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 82d002207d92e79c81d147d0cbc73594
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object, which is then loaded with LD_AUDIT, resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 2bf9e1106acf9e1f0a7b618fe7f2da3f
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | 5bfa019bccab1a1cbfe528ca1cfd9fb9
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | cb2175ff5a52d9a12f33f318ce9d2286
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root
Posted May 17, 2013
Authored by Todor Donev

Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | 8abdadf40a3d14c3ebe5c109b434dcdc
glibc LD_AUDIT Privilege Escalation
Posted Nov 10, 2011
Authored by zx2c4

glibc LD_AUDIT arbitrary DSO load local root exploit that leverages a race condition to escalate privileges.

tags | exploit, arbitrary, local, root
advisories | CVE-2010-3856
MD5 | 040e70e9bcf90b836fd3dd059e51a15e
Ubuntu Security Notice USN-1009-2
Posted Jan 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1009-2 - USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this to gain "man" user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected. Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.

tags | advisory, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-3856
MD5 | 9eba3ffee59191d0b96f2e2ae289b181
Debian Security Advisory 2122-2
Posted Jan 12, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-2 - Colin Watson discovered that the update for stable released in DSA-2122-1 did not completely address the underlying security issue in all possible scenarios.

tags | advisory
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 1614690068b7a0c1dc543ac37531eeca
VMware Security Advisory 2011-0001
Posted Jan 6, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0001 - ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and openldap packages.

tags | advisory
advisories | CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
MD5 | 885d7ccf5915c856af898922a2b80e13
GNU C Library Local Root Exploit
Posted Dec 5, 2010
Authored by tempe_mendoan | Site devilzc0de.org

GNU C library (glibc) local root exploit (uid=0,gid=0) that leverages an ld.so vulnerability allowing arbitrary DSO loading via LD_AUDIT.

tags | exploit, arbitrary, local, root
advisories | CVE-2010-3856
MD5 | 29d8f68ea32ea9baf0faa7fba84385a4
Gentoo Linux Security Advisory 201011-01
Posted Nov 16, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allows local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
MD5 | 5cea4225da35cf3fb30d0ffed4cc46a2
Debian 5.0.6 / Ubuntu 10.04 Webshell To Remote Root
Posted Oct 28, 2010
Authored by jmit

Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.

tags | exploit, remote, root
systems | linux, debian, ubuntu
advisories | CVE-2010-3856
MD5 | b5d2edb70a3955504df2b49334ec19bf
Mandriva Linux Security Advisory 2010-212
Posted Oct 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-212 - A vulnerability in the GNU C library was discovered which could escalate the privileges for local users.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2010-3856
MD5 | 1cf6e073e5f36bc896f01b6a9cae5e86
Ubuntu Security Notice 1009-1
Posted Oct 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1009-1 - Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | f9a7f5b0ad053bed71d722c917ea4c87
Debian Linux Security Advisory 2122-1
Posted Oct 22, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 63caa486471c8f786f73a386441d0b72
GNU C Library Dynamic Linker Arbitrary DSO dlopen
Posted Oct 22, 2010
Authored by Tavis Ormandy

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

tags | exploit, arbitrary
advisories | CVE-2010-3856
MD5 | e7a75708a976f650e0b0463308ae23b0
© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close