ld preload software vulnerabilities
vulnerabilities.aspcode.net
Searching ld preload software vulnerabilities
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs.
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
Software vulnerabilities results 1 to 15 of 15