4203 matches found
CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
UBUNTU-CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
CVE-2014-5206
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
UBUNTU-CVE-2014-5206
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/234/info The names and mappings of kernel objects in NT are cached in the object namespace. In this area, DLL mappings are kept in a section called KnownDlls. By manipulating the namespace, it is possible to redirect call...
Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
No description provided by source. /* userns_root_sploit.c by */ /* Copyright (c) 2013 Andrew Lutomirski. All rights reserved. */ /* You may use, modify, and redistribute this code under the GPLv2. */ #define _GNU_SOURCE #include <unistd.h> #include <sched.h> #include <sys/types.h> #include <sys/wait.h> #include <sys/mman....
CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
Design/Logic Flaw
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
CVE-2014-4014
The CVE-2014-4014 issue is a Linux kernel local privilege escalation affecting versions before 3.14.8. The root cause is that namespaces are inapplicable to inodes, allowing a local user who creates a user namespace to bypass chmod restrictions by setting the setgid bit on a file with root group ...
CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
Linux Kernel 3.13 - SGID Privilege Escalation
/ CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include include include include define STACKSIZE 1024...
[oss-security] CVE-2014-4014: Linux kernel user namespace bug
The internal function inode_capable was used inappropriately. Depending on configuration, this may be usable to escalate privileges. A cursory inspection of my Fedora box suggests that it is not vulnerable to the obvious way to exploit this bug. The fix should appear in Linus' -master shortly, and...
OpenJDK: null xmlns handling issue (Security, 8025026)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...
[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.7-1.fc19
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
CVE-2013-5036
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb...
Deserialization of untrusted data
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb...
OpenJDK: null xmlns handling issue (Security, 8025026)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...
[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.6-1.fc19
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
MGASA-2014-0124 Updated mediawiki packages fix multiple vulnerabilities
Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files...