Page 20 of 119 results (0.015 seconds)

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1

CVE-2011-0536 – GNU C library dynamic linker - '$ORIGIN' Expansion

https://notcve.org/view.php?id=CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. Múltiples vulnerabilidades de ruta (path) de búsqueda no confiable en el archivo elf/dl-object.c en ciertas versiones modificadas de la Biblioteca C de GNU (también se conoce como glibc o libc6), incluyendo glibc-2.5-49.el5_5.6 y glibc-2.12-1.7.el6_0.3 en Red Hat Enterprise Linux, permite a los usuarios locales alcanzar privilegios por medio de un dynamic shared object (DSO) diseñado en un subdirectorio del directorio de trabajo actual durante la ejecución de un programa (1) setuid o (2) setgid que tiene $ORIGIN en (a) RPATH o (b) RUNPATH dentro del propio programa o una biblioteca referenciada. NOTA: este problema se presenta debido a una solución incorrecta de CVE-2010-3847. • https://www.exploit-db.com/exploits/15274 http://lists.debian.org/debian-security-announce/2011/msg00005.html http://openwall.com/lists/oss-security/2011/02/01/3 http://openwall.com/lists/oss-security/2011/02/03/2 http://secunia.com/advisories/43830 http://secunia.com/advisories/43989 http://secunia.com/advisories/46397 http://securitytracker.com/id?1025289 http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=96611391ad8823ba58405325d78cefeae5cdf699 http://www.mandriva.com/se • CWE-426: Untrusted Search Path •

CVSS: 6.9EPSS: 0%CPEs: 23EXPL: 12

CVE-2009-5064 – glibc: ldd unexpected code execution issue

https://notcve.org/view.php?id=CVE-2009-5064

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. **DISPUTADA** ldd en la Biblioteca de C de GNU (también conocida como glibc o libc6) v2.13 y anteriores permite a usuarios locales conseguir privilegios a través de un troyano ejecutable enlazado con un cargador modificado que omite los controles LD_TRACE_LOADED_OBJECTS determinados. NOTA: El desarrollador de la libreía C de GNU dice "Esto es un sinsentido. • http://openwall.com/lists/oss-security/2011/03/07/10 http://openwall.com/lists/oss-security/2011/03/07/13 http://openwall.com/lists/oss-security/2011/03/07/7 http://openwall.com/lists/oss-security/2011/03/08/1 http://openwall.com/lists/oss-security/2011/03/08/10 http://openwall.com/lists/oss-security/2011/03/08/2 http://openwall.com/lists/oss-security/2011/03/08/3 http://openwall.com/lists/oss-security/2011/03/08/7 http://reverse. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 28EXPL: 7

CVE-2010-4051 – GNU libc/regcomp - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2010-4051

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." La implementación de regcomp en la librería de C de GNU (también conocido como glibc o libc6) desde v2.11.3 y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular que contiene repeticiones delimitadas adjacentes que pretenden evitar la limitación RE_DUP_MAX, como se demuestra mediante la secuencia {10} {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD, relacionado con un desbordamiento de "RE_DUP_MAX". Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/15935 http://cxib.net/stuff/proftpd.gnu.c http://seclists.org/fulldisclosure/2011/Jan/78 http://secunia.com/advisories/42547 http://securityreason.com/achievement_securityalert/93 http://securityreason.com/securityalert/8003 http://securitytracker.com/id?1024832 http://www.exploit-db.com/exploits/15935 http://www.kb.cert.org/vuls/id/912279 http://www.securityfocus.com/archive/1/515589/100/0/threaded http://www.securityfocus.com/bid/45 •

CVSS: 5.0EPSS: 2%CPEs: 28EXPL: 8

CVE-2010-4052 – GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service

https://notcve.org/view.php?id=CVE-2010-4052

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. Vulnerabilidad de lconsumo de pila de memoria en la aplicación regcomp en la Biblioteca de C de GNU (también conocido como glibc o libc6) hasta v2.11.3, y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto para provocar una denegación de servicio (agotamiento de recursos) a través de expresión regular que contiene operadores de repetición adyacentes, como se demuestra con una secuencia {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/35061 https://www.exploit-db.com/exploits/15935 http://cxib.net/stuff/proftpd.gnu.c http://seclists.org/fulldisclosure/2011/Jan/78 http://secunia.com/advisories/42547 http://securityreason.com/achievement_securityalert/93 http://securityreason.com/securityalert/8003 http://securitytracker.com/id?1024832 http://www.exploit-db.com/exploits/15935 http://www.kb.cert.org/vuls/id/912279 http://www.securityfocus.com/archive/1/515589/100/0 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 3

CVE-2010-3856 – glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation

https://notcve.org/view.php?id=CVE-2010-3856

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. ld.so en la librería de GNU C (también conocida como glibc o libc6) anteriores a v2.11.3, y v2.12.x anteriores a v2.12.2, no restringen el uso de la variable de entorno LD_AUDIT para hacer referencia a objetos dinámicos compartidos (DSO) como objetos de auditoría, que permite a usuarios locales conseguir privilegios mediante el aprovechamiento de un DSO inseguros ubicado en un directorio de la librería de confianza, como lo demuestra libpcprofile.so. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • https://www.exploit-db.com/exploits/18105 https://www.exploit-db.com/exploits/44025 https://www.exploit-db.com/exploits/15304 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2010/Oct/344 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2023/Jul/31 http:/&# • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •