Twenty Year Anniversary
Showing 1 - 25 of 100 RSS Feed

Files

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 2bf9e1106acf9e1f0a7b618fe7f2da3f

Related Files

Slackware Security Advisory - glibc Updates
Posted Sep 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4332
MD5 | 23e9f1dcf1c1e55e99bac9512a3c26e4
Eglibc PTR MANGLE Bug
Posted Jul 16, 2013
Authored by Hector Marco, Ismael Ripoll

Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2013-4788
MD5 | 950ed842b41474f594ac66691fbda019
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root
Posted May 17, 2013
Authored by Todor Donev

Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | 8abdadf40a3d14c3ebe5c109b434dcdc
Mandriva Linux Security Advisory 2013-163
Posted May 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-163 - Buffer overflow in the extend_buffers function in the regular expression matcher in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service via crafted multibyte characters. Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library 2.17 and earlier allows remote attackers to cause a denial of service IP address that triggers a large number of domain conversion results. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, osx, mandriva
advisories | CVE-2013-0242, CVE-2013-1914
MD5 | 891a4b3eacecdc1b2344974e4ac0738d
Mandriva Linux Security Advisory 2013-162
Posted May 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-162 - Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. Various other issues were also addressed. The updated packages have been patched to correct these issues.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0864, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2013-0242, CVE-2013-1914
MD5 | c79ae96e6d7bb965b8852b21324fc1d1
sudo 1.8.3p1 Local Root
Posted May 1, 2013
Authored by aeon flux

sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.

tags | exploit, root
advisories | CVE-2012-0864, CVE-2012-0809
MD5 | be03570962444ddae2e8a92a4a6f50c9
Red Hat Security Advisory 2013-0769-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0769-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2013-0242, CVE-2013-1914
MD5 | a1ea14576cb5a50317abe3fc0fa7840f
Red Hat Security Advisory 2013-0519-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0519-02 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code.

tags | advisory, arbitrary, shell, protocol
systems | linux, redhat, openbsd
advisories | CVE-2012-5536
MD5 | 842e4acf6a52a71609a5b15a544fccbf
Secunia Security Advisory 50831
Posted Oct 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for eglibc and glibc. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, ubuntu
MD5 | 44d2c9e5e3db2384bdec6910db858bb4
Slackware Security Advisory - glibc Updates
Posted Sep 4, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-3480
MD5 | 9aa14de3d23a60fd8ea07a5197281367
Secunia Security Advisory 50422
Posted Aug 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, redhat
MD5 | fec6b24b62b270a9a85d1032f5c01ca1
Red Hat Security Advisory 2012-1208-01
Posted Aug 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1208-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation, strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-3480
MD5 | 89ba9264dc0db552792d3a16603aa8fd
Red Hat Security Advisory 2012-1207-01
Posted Aug 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1207-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation, strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-3480
MD5 | b4c5751d911147c6dd284c77b48933f1
Red Hat Security Advisory 2012-1200-01
Posted Aug 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1200-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406
MD5 | cab82f68bceb98c22f9460a18e98eb4f
Red Hat Security Advisory 2012-1185-01
Posted Aug 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1185-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2012-3406
MD5 | 64bf8f27582652bc6258eda070bc5ad9
eGlibc Signedness Code Execution
Posted Aug 1, 2012
Authored by c0ntex

A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.

tags | exploit, code execution
advisories | CVE-2011-2702
MD5 | 0118c7235154fbe0b55f82748fc0a10c
Red Hat Security Advisory 2012-1098-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1098-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406
MD5 | df609c89636fdcb893f18d5642bf564a
Red Hat Security Advisory 2012-1097-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1097-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-3406
MD5 | 52c3f6425345cdf712fcfe1d0f139e65
Red Hat Security Advisory 2012-0397-01
Posted Mar 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0864
MD5 | 0b1e438c26717b923003ac698aa0465d
Red Hat Security Advisory 2012-0393-01
Posted Mar 16, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0393-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0864
MD5 | 50dfa6117a76e1d53ce2ae1cdf94420e
Secunia Security Advisory 47970
Posted Feb 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious users to potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
MD5 | 7ba289dfda448b922fd6ee8baa915cc6
Secunia Security Advisory 47962
Posted Feb 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for glibc. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), by malicious users to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
MD5 | ff8b5998f254bbc50f3e97e21e920437
Slackware Security Advisory - vsftpd Updates
Posted Feb 14, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to work around a vulnerability in glibc.

tags | advisory
systems | linux, slackware
MD5 | b81870244e6f937dccf95b385f223ad6
Red Hat Security Advisory 2012-0126-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0126-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609
MD5 | 04aac618203b70bf0f18fb8d24c46efc
Red Hat Security Advisory 2012-0125-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0296, CVE-2010-0830, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1659, CVE-2011-4609
MD5 | 864ed57afca2c884fc017d61f81beecf
Page 1 of 4
Back1234Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    14 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close