784 matches found

OSV
added 2022/01/25 12:6 p.m., 3 views

CLSA-2022-1643112395 Fix of CVE: CVE-2021-44038

CVE-2021-44038: low privilege escalation during package installation/update due to insecure chmod in spec file...

CVSS 7.8 | AI score 7.2 | EPSS 0.00761
Exploits: 1 | References: 1

CloudLinux
added 2022/01/25 12:6 p.m., 42 views

Fix of CVE: CVE-2021-44038

CVE-2021-44038: low privilege escalation during package installation/update due to insecure chmod in spec file...

CVSS 7.8 | AI score 3.3 | EPSS 0.00761
Exploits: 1 | References: 1

OpenVAS
added 2021/11/22 12:0 a.m., 18 views

Quagga <= 1.2.4 Privilege Escalation Vulnerability

Quagga is prone to a privilege escalation vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVSS 7.8 | AI score 7.8 | EPSS 0.00761
Exploits: 1 | References: 1

OSV
added 2021/11/19 7:15 p.m., 3 views

AZL-7336 CVE-2021-44038 affecting package quagga 1.2.4-15

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

CVSS 7.8 | AI score 7.1 | EPSS 0.00761
Exploits: 1 | References: 1

Prion
added 2021/11/19 7:15 p.m., 27 views

Design/Logic Flaw

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

CVSS 7.2 | AI score 7.7 | EPSS 0.00761
Exploits: 1 | References: 2 | Affected Software: 1

AlpineLinux
added 2021/11/19 7:15 p.m., 22 views

CVE-2021-44038

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

CVSS 7.8 | AI score 7.6 | EPSS 0.00761
Exploits: 1

UbuntuCve
added 2021/11/19 7:15 p.m., 30 views

CVE-2021-44038

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

CVSS 7.8 | AI score 7.1 | EPSS 0.00761
Exploits: 1 | References: 2

Debian CVE
added 2021/11/19 6:29 p.m., 38 views

CVE-2021-44038

Removed by vendor...

CVSS 7.8 | AI score 7.8 | EPSS 0.00761
Exploits: 1

CNNVD
added 2021/11/19 12:0 a.m., 6 views

Quagga Link Following Vulnerability

Quagga is a routing software suite from the individual developer Kunihiro Ishiguro in the United States. The suite implements protocols such as OSPFv2, OSPFv3, and RIP v1/v2 on a variety of platforms, and provides route redistribution, route mapping, and other features. Quagga suffers from a...

CVSS 7.8 | AI score 7.4 | EPSS 0.00761
Exploits: 1 | References: 5

OPENSUSE Linux
added 2021/10/25 12:0 a.m., 69 views

Security update for containerd, docker, runc (important)

openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:3506-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...

CVSS 8.4 | AI score 6.7 | EPSS 0.06604
Exploits: 5 | References: 10

CNVD
added 2021/10/12 12:0 a.m., 7 views

rConfig chmod Command Insecure Privilege Vulnerability

rConfig is an open source network device configuration management utility. An insecure privilege vulnerability exists in the chmod command in rConfig version 3.9.6. The vulnerability stems from the fact that after installing rConfig, an apache user can execute chmod as root without a password,...

CVSS 9 | AI score 7.3 | EPSS 0.01827
Exploits: 1 | References: 1

OSV
added 2021/10/11 1:15 p.m., 3 views

CVE-2021-29005

An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privilege gain root access on the server...

CVSS 8.8 | AI score 5.8 | EPSS 0.01827
Exploits: 1 | References: 2

Prion
added 2021/10/11 1:15 p.m., 13 views

Command injection

An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privilege gain root access on the server...

CVSS 9 | AI score 9 | EPSS 0.01827
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/11 12:4 p.m., 24 views

CVE-2021-29005

An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privilege gain root access on the server...

AI score 9.3 | EPSS 0.01827
Exploits: 1 | References: 2

CVE
added 2021/10/11 12:4 p.m., 50 views

CVE-2021-29005

CVE-2021-29005 affects the rConfig server (version 3.9.6). The root cause is an insecure permission setup around the chmod command, allowing an Apache user to run chmod as root without a password after installation. This can let a low-privilege attacker gain root access on the server. The connect...

CVSS 9 | AI score 9.1 | EPSS 0.01827
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2021/10/11 12:0 a.m., 2 views

rConfig Security Vulnerability

rConfig is an open source network device configuration management utility. An insecure privilege vulnerability exists in the chmod command in rConfig version 3.9.6. The vulnerability stems from the fact that after installing rConfig, an apache user can execute chmod as root without a password,...

CVSS 9 | AI score 8 | EPSS 0.01827
Exploits: 1 | References: 3

Cvelist
added 2021/10/04 8:20 p.m., 33 views

CVE-2021-41089 `docker cp` allows unexpected chmod of host files

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...

CVSS 2.8 | AI score 7 | EPSS 0.0027
Exploits: 0 | References: 5

Veracode
added 2021/09/12 1:17 a.m., 25 views

Privilege Escalation

systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

CVSS 6.7 | AI score 5 | EPSS 0.00551
Exploits: 0 | References: 6 | Affected Software: 3

BDU FSTEC
added 2021/08/25 12:0 a.m., 4 views

The vulnerability in the implementation of the `chmod` command in the container runtime system, Containerd, allows a malicious actor to increase their privileges.

The vulnerability of the chmod command implementation in the container runtime system, Containerd, is related to deficiencies in the isolation of the controlled system area. Exploiting this vulnerability allows a remote attacker to increase their privileges...

CVSS 6.8 | AI score 6.4 | EPSS 0.01608
Exploits: 2 | References: 11 | Affected Software: 3

OSV
added 2021/04/08 2:15 p.m., 16 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...

CVSS 7.8 | AI score 7.2
Exploits: 0 | References: 1