2626 matches found
CVE-2010-4170
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...
Systemtap: Insecure loading of modules
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...
Debian Security Advisory DSA 2122-1 (glibc)
The remote host is missing an update to glibc announced via advisory DSA 2122-1. OpenVAS Vulnerability Test $Id: deb21221.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2122-1 glibc Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
CVE-2010-4236
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ESLIBRARYPATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different...
glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
IBM OmniFind Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits =============================================== IBM OmniFind Privilege Escalation Vulnerability =============================================== Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the application...
Ubuntu: Security Advisory (USN-1009-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1
Ubuntu Update for Linux kernel vulnerabilities USN-1009-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10091.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Debian DSA-2122-1 : glibc - missing input sanitization
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...
CVE-2010-4039
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors...
CVE-2010-4039
CVE-2010-4039 affects Google Chrome on Linux prior to 7.0.517.41 where the process fails to properly set the PATH environment variable. The description does not specify the exact impact or attack vectors; vulnerability details are limited to this PATH handling issue. Open-source/ANSI references i...
USN-997-1: Firefox and Xulrunner vulnerabilities
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...
Oracle Solaris su NULL Pointer
From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su' when creating new environme...
CVE-2010-2929
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...
Design/Logic Flaw
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...
CVE-2010-2929
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...
CVE-2010-2929
The CVE-2010-2929 entry identifies an untrusted search path vulnerability in hsolinkcontrol (part of hsolink 1.0.118). The underlying issue is a modified PATH environment variable that is used when executing the programs route, mv, and cp, enabling local users to gain privileges through PATH mani...
CVE-2010-2929
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...
sudo security update
CentOS Errata and Security Advisory CESA-2010:0475 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...