VULHUB ™

LIDS ("Linux Intrusion Detection System") is a kernel add-on that implements enhanced filesystem access control and other security features. LIDS also enhances the Linux 'capabilities' security mechanism, which allows for system utilities to perform specific administrative operations without full superuser privileges. It is possible for attackers to gain capabilities of other programs by executing custom code using the LD_PRELOAD environment variable. LD_PRELOAD is an environment variable that lists shared libraries that are to be loaded in programs at runtime. Attackers can execute code with the capabilities of any program by linking a custom library to the target program via LD_PRELOAD. This vulnerability allows for security policy to be violated. Attackers who have obtained root access may gain the capabilities assigned to any program. In addition, local users may be able to elevate privileges by exploiting non-setuid programs assigned the CAP_SETUID capability.

LIDS ("Linux Intrusion Detection System") is a kernel add-on that implements enhanced filesystem access control and other security features. LIDS also enhances the Linux 'capabilities' security mechanism, which allows for system utilities to perform specific administrative operations without full superuser privileges. It is possible for attackers to gain capabilities of other programs by executing custom code using the LD_PRELOAD environment variable. LD_PRELOAD is an environment variable that lists shared libraries that are to be loaded in programs at runtime. Attackers can execute code with the capabilities of any program by linking a custom library to the target program via LD_PRELOAD. This vulnerability allows for security policy to be violated. Attackers who have obtained root access may gain the capabilities assigned to any program. In addition, local users may be able to elevate privileges by exploiting non-setuid programs assigned the CAP_SETUID capability.