CVE-2010-3856 Exploit | @Mediaservice.net Technical Blog

On 4 Feb, 2011
By Marco Ivaldi (aka raptor)

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so (CVE-2010-3856).

http://lab.mediaservice.net/code/raptor_ldaudit
MD5: 8258ca708474ed86adb154c899bb1c12
SHA-1: a18a591faff0382ac3a54522acf3ee709e3b7d44
http://lab.mediaservice.net/code/raptor_ldaudit2
MD5: cce9edfc7ff62c900a5aff57a50caf2b
SHA-1: 3761f7987e39960d329c1bfa7e80f3c90c0c04ec

More JBOSS hacking
CVE-2020-2656 – Low impact information disclosure via Solaris xlock
JBOSS application deploy via web
Remote Desktop tunneling tips & tricks
Advanced mobile penetration testing with Brida – Slides HackInBo 2017 WE
CVE-2016-7065 – Red Hat JBoss EAP deserialization of untrusted data

Written by: Marco Ivaldi (aka raptor) on February 4, 2011.

Related Posts