exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

CVE-2010-3856

Status Candidate

Overview

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

Related Files

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
SHA-256 | 5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation
Posted Mar 30, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker with libmemusage.so library.

tags | exploit, root
systems | linux
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 866ac744c655ede9c376e4a47945a3a0e64a8cdb089b30ec2822adfef9bb9512
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 79d3dcb40544179ef2c545514e54b7352e225d51c57c720672f33d1b717c00e5
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
SHA-256 | b0f0cc6fe6c822efac1097b42f5743176fc7620d8aed638fb40cc3cbfc95d1e5
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
SHA-256 | 11997246f78036a9735342aed99ef6bbde5fdf224f85ba7703ee81308de43bad
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root
Posted May 17, 2013
Authored by Todor Donev

Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so.

tags | exploit, local, root
advisories | CVE-2010-3856
SHA-256 | dbe0977154f9ed4331b96211af365a5ddd2b1de1c5253179073a44cea5e541e3
glibc LD_AUDIT Privilege Escalation
Posted Nov 10, 2011
Authored by zx2c4

glibc LD_AUDIT arbitrary DSO load local root exploit that leverages a race condition to escalate privileges.

tags | exploit, arbitrary, local, root
advisories | CVE-2010-3856
SHA-256 | 8c9850741e5f8fca1981297aa3458369e2f156d2152d098c2e4d2f48ebf2a8c0
Ubuntu Security Notice USN-1009-2
Posted Jan 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1009-2 - USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this to gain "man" user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected. Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.

tags | advisory, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-3856
SHA-256 | 1ed0eef1d731d25df2ea7bc7567ca9f69517f30679fa8e16dabd5f20bb49fd9a
Debian Security Advisory 2122-2
Posted Jan 12, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-2 - Colin Watson discovered that the update for stable released in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios.

tags | advisory
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 3860213fd8ec52be5e04327afe52e5b2dc33b4120e52003debbd523b092c0bce
VMware Security Advisory 2011-0001
Posted Jan 6, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0001 - ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and openldap packages.

tags | advisory
advisories | CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
SHA-256 | c46f8a177cb54cdf53c56e8c0fc1617a7a611c96438fab66c017b274544829ed
GNU C Library Local Root Exploit
Posted Dec 5, 2010
Authored by tempe_mendoan | Site devilzc0de.org

GNU C library (glibc) local root exploit (uid=0,gid=0) that leverages a ld.so arbitrary DSO loading via LD_AUDIT vulnerability.

tags | exploit, arbitrary, local, root
advisories | CVE-2010-3856
SHA-256 | a166f09637f10d8f9c395ecc8e4a485484727fbc73b491608d365b355986f067
Gentoo Linux Security Advisory 201011-01
Posted Nov 16, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
SHA-256 | e7fd1080a732debd69f8864702d36b5571373a61bee34c47c11be74bc1e37420
Debian 5.0.6 / Ubuntu 10.04 Webshell To Remote Root
Posted Oct 28, 2010
Authored by jmit

Whitepaper discussing how to go from having a webshell to getting remote root using the GNU dynamic linker DSO vulnerability on Debian versions 5.0.6 and below and Ubuntu versions 10.04 and below.

tags | exploit, remote, root
systems | linux, debian, ubuntu
advisories | CVE-2010-3856
SHA-256 | ae6f799792df2bc63f6efc669e1ba990189cb2b0e37eae9470cd60171c0c72ba
Mandriva Linux Security Advisory 2010-212
Posted Oct 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-212 - A vulnerability in the GNU C library was discovered which could escalate the privileges for local users.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2010-3856
SHA-256 | 27824cb5ad39df45b578745df06ac49ee7e9dd151aff60c35aa46455813df0c3
Ubuntu Security Notice 1009-1
Posted Oct 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1009-1 - Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 436a2e4feaa4238d9dba3a9f3b177ddc072f40c78aff95073498c45ecf37ac5c
Debian Linux Security Advisory 2122-1
Posted Oct 22, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6
GNU C Library Dynamic Linker Arbitrary DSO dlopen
Posted Oct 22, 2010
Authored by Tavis Ormandy

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

tags | exploit, arbitrary
advisories | CVE-2010-3856
SHA-256 | 56712911c7ae4fe887c781b84ff85146b9dcdb7cd4f854c31d844764ea7f5191
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close