MPack with virtual hosting and PHP security-vulnerability warning-the black bar safety net

MPack is by a self-proclaimed "Dream Coders Team" of the organization development of the PHP program, which contain a number of the latest exploit code can be used to manipulate the distal end of attacks on Panda Labs at the end of last year when for the first time found that, at the time someone...

MDKA-2007:079 : postfix

This update to the postfix package fixes two bugs in the chroot script that in some cases could have prevented postfix from working at all: - The chroot script would malfunction if no postfix dynamic maps were installed - The chroot script would not enforce a safe umask, and could create a chroot...

SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792

Directory traversal vulnerability in the sanitizepath function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Information about this advisory is available at the following location:...

security flaw

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864...

Design/Logic Flaw

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

CVE-2007-0536

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

CVE-2007-0536

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

CVE-2007-0536

The CVE-2007-0536 issue affects rPath Linux 1: the rMake chroot helper fails to drop supplemental groups, causing packages to be installed with insecure permissions and potentially enabling local privilege escalation. Root cause: missing drop of supplemental groups in the chroot helper. Impact: l...

Fedora Core 4 : kernel-2.6.16-1.2108_FC4 (2006-517)

Mark Moseley reported that a chroot environment on a SMB share can be left via 'cd ..'. Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs. CVE-2006-1864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution

FTP server GNU inetutils 1.4.2 Remote Root Exploit This program remotely exploits the most recent versions of GNU inetutils ftpd on linux systems. Requirements: 1. There MUST be a chroot'ed environment for the logged in user 2. Directory etc must be writeable by the logged in user duh! The exploi...

Netkit FTP Server protection bypass

Invalid chroot and seteuid usage under some circumstances allow FTP root directory bypass...

security flaw

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1863...

TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface

Overview A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system. Description TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative...

Directory traversal

Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE...

CVE-2006-2654

Technical details for CVE-2006-2654 are not publicly available in the provided connected documents; the entries reference related SMBFS issues but do not disclose affected products, versions, root cause, or fixes. Monitor for updates.

Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass

It's possible to traverse chroot directory...

FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:16.smbfs Security Advisory The FreeBSD Project Topic: smbfs chroot escape Category: core Module: smbfs Announced: 2006-05-31 Credits: Mark Moseley Affects: All...

smbfs -- chroot escape

Problem Description smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory. Impact When inside a chroot environment...

FreeBSD-SA-06:16.smbfs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:16.smbfs Security Advisory The FreeBSD Project Topic: smbfs chroot escape Category: core Module: smbfs Announced: 2006-05-31 Credits: Mark Moseley Affects: All...

security flaw

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1863...