The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker with libmemusage.so library.
866ac744c655ede9c376e4a47945a3a0e64a8cdb089b30ec2822adfef9bb9512This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.
79d3dcb40544179ef2c545514e54b7352e225d51c57c720672f33d1b717c00e5GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.
b0f0cc6fe6c822efac1097b42f5743176fc7620d8aed638fb40cc3cbfc95d1e5GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit.
11997246f78036a9735342aed99ef6bbde5fdf224f85ba7703ee81308de43badLocal root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so.
dbe0977154f9ed4331b96211af365a5ddd2b1de1c5253179073a44cea5e541e3glibc LD_AUDIT arbitrary DSO load local root exploit that leverages a race condition to escalate privileges.
8c9850741e5f8fca1981297aa3458369e2f156d2152d098c2e4d2f48ebf2a8c0Ubuntu Security Notice 1009-2 - USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this to gain "man" user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected. Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.
1ed0eef1d731d25df2ea7bc7567ca9f69517f30679fa8e16dabd5f20bb49fd9aDebian Linux Security Advisory 2122-2 - Colin Watson discovered that the update for stable released in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios.
3860213fd8ec52be5e04327afe52e5b2dc33b4120e52003debbd523b092c0bceVMware Security Advisory 2011-0001 - ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and openldap packages.
c46f8a177cb54cdf53c56e8c0fc1617a7a611c96438fab66c017b274544829edGNU C library (glibc) local root exploit (uid=0,gid=0) that leverages a ld.so arbitrary DSO loading via LD_AUDIT vulnerability.
a166f09637f10d8f9c395ecc8e4a485484727fbc73b491608d365b355986f067Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.
e7fd1080a732debd69f8864702d36b5571373a61bee34c47c11be74bc1e37420Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.
ae6f799792df2bc63f6efc669e1ba990189cb2b0e37eae9470cd60171c0c72baMandriva Linux Security Advisory 2010-212 - A vulnerability in the GNU C library was discovered which could escalate the privileges for local users.
27824cb5ad39df45b578745df06ac49ee7e9dd151aff60c35aa46455813df0c3Ubuntu Security Notice 1009-1 - Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.
436a2e4feaa4238d9dba3a9f3b177ddc072f40c78aff95073498c45ecf37ac5cDebian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.
857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
56712911c7ae4fe887c781b84ff85146b9dcdb7cd4f854c31d844764ea7f5191
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed