152 matches found
DSA-2376-2 ipmitool - insecure pid file
Bulletin has no description...
DSA-2376-1 ipmitool - insecure pid file
Bulletin has no description...
CVE-2011-4339
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
Code injection
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
CVE-2011-4339
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
CVE-2011-4339
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
CVE-2011-4339
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
DEBIAN-CVE-2011-1784
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
CVE-2011-1784
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
CVE-2011-1784
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
HP DDMI on Windows Unspecified Remote Agent Access
The remote host is running an HP Discovery & Dependency Mapping Inventory DDMI agent to facilitate communications between a central DDMI server and workstations that are part of the deployed inventory process. The version of the agent on the remote host fails to check for a valid SSL certificate...
Design/Logic Flaw
Argument injection vulnerability in Enomaly Elastic Computing Platform ECP, formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program...
CVE-2009-0390
Argument injection vulnerability in Enomaly Elastic Computing Platform ECP, formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program...
CVE-2009-0390
Argument injection vulnerability in Enomaly Elastic Computing Platform ECP, formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program...
CVE-2009-0390
CVE-2009-0390 concerns Enomaly ECP/Enomalism (pre-2.2.1) with local vulnerabilities in enomalism2.sh, where insecure temporary file handling enables argument injection into kill and signaling of arbitrary processes via the /tmp/enomalism2.pid PIDFILE. Connected sources describe a race condition o...
Code injection
The Probe Builder Service aka PBOVISServer.exe in European Performance Systems EPS Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services OVIS on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode...
CVE-2008-1667
The Probe Builder Service aka PBOVISServer.exe in European Performance Systems EPS Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services OVIS on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode...
CVE-2008-1667
The CVE concerns HP OpenView Internet Services’ Probe Builder (EPS Probe Builder 2.2) on Windows where PBOVISServer.exe exposes an opcode allowing remote, unauthenticated termination of arbitrary processes by PID. Affected: EPS Probe Builder 2.2 prior to A.02.20.901 (used with HP OVIS). Impact: r...
CVE-2008-1667
The Probe Builder Service aka PBOVISServer.exe in European Performance Systems EPS Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services OVIS on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...