golang: runtime: unexpected behavior of setuid/setgid binaries

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/...

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/...

EulerOS Virtualization 3.0.6.0 : dbus (EulerOS-SA-2023-2208)

According to the versions of the dbus packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and old...

EulerOS Virtualization 3.0.6.0 : libtirpc (EulerOS-SA-2023-2201)

According to the versions of the libtirpc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle T...

AZL-37368 CVE-2023-29403 affecting package golang for versions less than 1.21.6-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

DEBIAN-CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

EulerOS Virtualization 2.10.0 : dbus (EulerOS-SA-2023-1916)

According to the versions of the dbus packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attack...

EulerOS Virtualization 3.0.2.0 : libtirpc (EulerOS-SA-2023-1703)

According to the versions of the libtirpc package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TC...

GLSA-202305-08 : D-Bus: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-08 D-Bus: Multiple Vulnerabilities - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use...

Siemens SCALANCE XCM332 Allocation of Resources Without Limits or Throttling (CVE-2021-46828)

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections. This plugin only works with Tenable.ot. Please visit...

Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

...

Amazon Linux AMI : dbus (ALAS-2023-1730)

The version of dbus installed on the remote host is prior to 1.6.12-14.31. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1730 advisory. An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An...

Medium: dbus

Issue Overview: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVE-2022-42010 An...

Design/Logic Flaw

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...