227 matches found
CVE-2016-10010
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...
CVE-2016-10012
The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...
TinyPDF Installer DLL Hijacking / Unsafe Temp Directory
Hi @ll, the executable installer "InstallTinyPDF.exe", available from , is surprise.- vulnerable: 1. DLL hijacking this is well-known and well-documented; see , , , and "InstallTinyPDF.exe" loads and executes UXTheme.dll and/or DWMAPI.dll from its "application directory" instead Windows' "system...
CVE-2016-10012
The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...
CVE-2016-10010
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...
UBUNTU-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
UBUNTU-CVE-2016-10010
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...
FreeBSD : openssh -- multiple vulnerabilities (2aedd15f-ca8b-11e6-a9a5-b499baebfeaf)
The OpenSSH project reports : - ssh-agent1: Will now refuse to load PKCS11 modules from paths outside a trusted whitelist run-time configurable. Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS11 module across the forwarded agent...
openssh -- multiple vulnerabilities
The OpenSSH project reports: ssh-agent1: Will now refuse to load PKCS11 modules from paths outside a trusted whitelist run-time configurable. Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS11 module across the forwarded agent...
[slackware-security] openssh
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssh-7.4p1-i586-1slack14.2.txz: Upgraded. This is primarily a bugfix release, and also addresses...
OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation Exp
Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled config option UsePrivilegeSeparation=no. While privilege separation is enabled by default, it is documented a...
CVE-2016-10012
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested...
openssh, pam_ssh_agent_auth security update
CentOS Errata and Security Advisory CESA-2016:0741 An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 6 : openssh (RHSA-2016:0741)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0741 advisory. - openssh: XSECURITY restrictions bypass under certain conditions in ssh1 CVE-2015-5352 - openssh: Privilege separation weakness related to...
openssh: Privilege separation weakness related to PAM support
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users...
WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation
WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities Background According to WAGO’s Web site, WAGO is an international company based in Germany. They operate production facilities in Germany, Switzerland, Poland, China, and India. WAGO maintains offices worldwide. According to WAGO, its products...
Amazon Linux AMI : openssh (ALAS-2015-625)
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. It w...
Medium: openssh
Issue Overview: A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as...
CVE-2015-7046
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges...