CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1658 – glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
https://notcve.org/view.php?id=CVE-2011-1658
08 Apr 2011 — ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard... • http://secunia.com/advisories/46397 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 12CVE-2009-5064 – glibc: ldd unexpected code execution issue
https://notcve.org/view.php?id=CVE-2009-5064
30 Mar 2011 — ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. **DISPUTADA** ldd en la Biblioteca de C de GNU (también conocida ... • http://openwall.com/lists/oss-security/2011/03/07/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 11%CPEs: 28EXPL: 9CVE-2010-4052 – GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2010-4052
13 Jan 2011 — Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. Vulnerabilidad de lconsumo de pila de memoria en la aplicación regcomp en la Biblioteca de C de GNU (también conocido c... • https://packetstorm.news/files/id/125725 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 28EXPL: 8CVE-2010-4051 – GNU libc/regcomp - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4051
13 Jan 2011 — The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." La implementación de regcomp en la librería de C de GNU (también cono... • https://packetstorm.news/files/id/125725 •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 9CVE-2010-3847 – glibc - '$ORIGIN' Expansion Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3847
07 Jan 2011 — elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. elf/dl-load.c de ld.so en la Biblioteca GNU C (también conocida como glibc o libc6) hasta v2.11.2, y v2.12.x hasta v2.12.1 no maneja adecuadamente un valor de $ORIGIN de la variable de entorno LD_AUDI... • https://packetstorm.news/files/id/146337 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 9CVE-2010-3856 – glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3856
07 Jan 2011 — ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. ld.so en la librería de GNU C (también conocida como glibc o libc6) anteriores a v2.11.3, y v2.12.x anteriores a v2.12.2, no restringen el uso de ... • https://packetstorm.news/files/id/173661 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3192
https://notcve.org/view.php?id=CVE-2010-3192
12 Oct 2010 — Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations... • http://seclists.org/fulldisclosure/2010/Apr/399 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 1CVE-2010-0296 – glibc: Improper encoding of names with certain special character in utilities for writing to mtab table
https://notcve.org/view.php?id=CVE-2010-0296
01 Jun 2010 — The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. La macro "encode_name" en "misc/mntent_r.c" en la Librería C GNU (también conocida como glibc or libc6) v2.11.1 y anteriores, como la usada por "ncpmoun... • https://packetstorm.news/files/id/153278 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 37EXPL: 4CVE-2009-4880 – GNU glibc 2.x - 'strfmon()' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-4880
01 Jun 2010 — Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. Múltiples desbordamientos de entero en la implementación "strfmon" en la Librería C GNU (también conocida como glibc or libc6) v2.10.1 y anterior... • https://www.exploit-db.com/exploits/33230 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 38EXPL: 0CVE-2010-0830 – glibc: ld.so d_tag signedness error in elf_get_dynamic_info
https://notcve.org/view.php?id=CVE-2010-0830
01 Jun 2010 — Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. Error de persistencia de signo en entero en la función "elf_get_dynamic_info" en "elf/dynamic-link.h" de la librería C GNU (también conocida como glibc o... • http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html • CWE-189: Numeric Errors •