telnetsnoopd and OpenSSH were vulnerable to LD_PRELOAD-based attacks using libroot or similar tools. This dated back to 1997 in the case of telnetsnoopd.
https://packetstorm.news/files/id/25515/
https://seclists.org/bugtraq/1997/Feb/87
in.telnetsnoopd, OpenSSH LD_PRELOAD vulnerability
2025-04-12
Recent Posts
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit