GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.
b0f0cc6fe6c822efac1097b42f5743176fc7620d8aed638fb40cc3cbfc95d1e5
Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP clients into setting, e.g., the system hostname to a specially crafted value containing shell special characters. Various scripts assume that the hostname is trusted, which may lead to code execution when the hostname is specially crafted. Additionally, for Mandriva Enterprise Server 5, various problems in the ka-deploy and uClibc packages were discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.
c7875eb533c9d6beb3425c1a97fe6ed841b9a1c6086b68f13fd555c85ebb7760
Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP clients into setting, e.g., the system hostname to a specially crafted value containing shell special characters. Various scripts assume that the hostname is trusted, which may lead to code execution when the hostname is specially crafted. Additionally, for Mandriva Enterprise Server 5, various problems in the ka-deploy and uClibc packages were discovered and fixed with this advisory. The updated packages have been patched to correct these issues.
741a2545d765d1e9854cdcbf178dc20b6ca0f8fc1357ad76b6a268fa5cadabc4
Secunia Security Advisory - A security issue has been reported in Apache Libcloud, which can be exploited by malicious people to conduct spoofing attacks.
d1d5fe805cc6958dfef07a0f9e383a7e8dd359745fd81685c4e0b39cf0325118
Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server, an invalid regular expression was used to perform the hostname verification. As a result, a subset of the target server hostname, instead of the full hostname, was treated as an acceptable match for the given hostname.
9e708dbf4b24b26ef40d5b23c71eaa9fae3674a5663c7c3350ac8e0bede741fe
A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
25b911fe8b4f2b91e78c752029493fa3f38d85cdc1a956089b72d784bc277137
The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.
369682b2e5a5716a6271a6c5db9a43e3809e91acfb08438c0d3de2fec1284a35
Red Hat Security Advisory 2012-1098-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
a4403bcb8e6ea39cef9f81f3176ba1bb2782088e2076dfc97ee09e39f03e3438
Red Hat Security Advisory 2012-1097-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
1c4404ac353004ea4bc37b5126608f16e0e060649ba8f8ba172c59bb8a07d6a2
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
9897b37f6a6a7380f2b1a3104f85aedcea9b84b5400594a0944e88925eada2e7
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
2f1ba76561161a4b1b0a817d76cb62c817dd94f5aeb98806a1a2cb79ca795bb4
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
0036797987fe157b69b95604a2713b21fc1006dc352d46cb79b8d8274bba60f4
Red Hat Security Advisory 2012-0393-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
9584ce2809274f64b485b1dc9666fef4cd4ec622bd9c89cf2b2a693816d774f6
Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious users to potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
96fe417ac0ba4e6ebf6fdd8cec24955bf96596002f01f99eab4bf50100cbaa65
Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), by malicious users to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5002d83c3fe672232998f43c89bc7598171d37a416d1efd6e3c393c9a5dc406d
Slackware Security Advisory - New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to work around a vulnerability in glibc.
9182594cd3b4a23e809c116e946111ee749c388a3e3e18fb824e2fce90d24d63
Red Hat Security Advisory 2012-0126-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
3b7ccb288005567bcb6ab370f9280d8682c2ca10e865207f64c9425f27b41889
Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b6e05a59af39b290a68a9fe97a9154b04697ee0e444b07fea716715d9493bda2
Slackware Security Advisory - New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
324ce26decb8d41cdd4235e0b46d83973c6dffa1a1d9e6d628218c5bfedf43a5
Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes two vulnerabilities, which can be exploited by malicious users to potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).
822025c014daeca3177cc1d9629a97a86916791610dd79526cf6065d1abe20cb
Red Hat Security Advisory 2012-0058-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
d4d1780461ee1cfaa9d79baa47a009d2377c5860a1e2cf3da7318da99a2c5585
Secunia Security Advisory - SUSE has issued an update for glibc. This fixes a vulnerability, which potentially can be exploited by malicious users to compromise a vulnerable system.
f9154f0dc632f858d07f2391022053e6e241ce61ceb43ca154099c44276fbb8a
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
36a982d6aa03aaa511252b1130ed6b0d14a80d24eb675d1ca2e4a1ef05fd6b8e
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
ac457a33c004f3bd3a25772290cda9731e40b46e0e85df2b2dfc7e8e8804b497
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
9f962a1146b166cb12019ea5b182eacc2cc8694e655e19753e3b166705565b31
This is a write-up that discusses exploiting the glibc __tzfile_read integer overflow, which leads to a buffer overflow, and leveraging vsftpd.
aa2f52177ccb0dba0def1cbf1e6bb31a25c445b615e0289658b51067f794493e