Race Condition

spice-vdagent is vulnerable to race conditions. The vulnerability exists through UNIX Doman Socket Peer PID Retrieved via SOPEERCRED...

Denial Of Service (DoS)

spice-vdagent is vulnerable to denial of service. There is no limit to the number of client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock, and are not subjected to timeout or any preconditions for them to stay alive. Any local user in the...

CVE-2020-25652

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. This flaw allows any unprivileged local guest user to prevent legitimate agents from connecting to the...

CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. This flaw allows any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock to perform a memory denial of service for...

kernel: af_packet: TPACKET_V3: invalid timer timeout on error

A flaw was found in the way the afpacket functionality in the Linux kernel handled the retirement timer setting for TPACKETv3 when getting settings from the underlying network device errors out. This flaw allows a local user who can open the afpacket domain socket and who can hit the error path, ...

CVE-2020-25652

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...

UBUNTU-CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket if the socket is being moved to a new parent directory and its old parent directory is being removed.

...

CVE-2020-15708

A flaw was found in libvirt, where an incorrect permissions issue occurs on the UNIX domain socket. This flaw allows a local attacker to access libvirt and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability...

Ubuntu: Security Advisory (USN-4452-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4452-1 libvirt vulnerability

Trent Shea working with Trend Micro´s Zero Day Initiative, discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges...

DEBIAN-CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

Buffer Overflow

Putty is vulnerable to buffer overflow. The sshagentchanneldata function in PuTTY allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection,...

Denial Of Service (DoS)

gdm is vulnerable to denial of service. A flaw was found in the way Gdm listens on its unix domain socket. A local user could crash a running X session by writing malicious data to Gdm's unix domain socket...

Updated kernel-linus packages fix security vulnerabilities

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

Null pointer dereference

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

CVE-2020-8446

CVE-2020-8446 affects OSSEC-HIDS 2.7–3.5.0. The server component ossec-analysisd is vulnerable to a path traversal with write access, exploitable by a local user through crafted syscheck messages sent to the analysisd UNIX domain socket. Impact: integrity is HIGH, confidentiality and availability...