177 matches found
Kernel: fs: umount denial of service
The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...
PT-2020-10295 · Open Container Initiative +7 · Runc +7
Name of the Vulnerable Software and Affected Versions: runc versions through 1.0.0-rc9 runc version 1.0.0-rc10 is not affected, as it contains the fix for this issue. Description: The issue is related to incorrect access control, leading to escalation of privileges. An attacker must be able to...
CVE-2014-7975
The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...
UBUNTU-CVE-2014-7975
The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...
[SECURITY] Fedora 17 Update: android-tools-20130123git98d0789-1.fc17
The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...
[SECURITY] Fedora 16 Update: android-tools-20130123git98d0789-1.fc16
The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...
[SECURITY] Fedora 17 Update: android-tools-20121120git3ddc005-1.fc17
The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...
Samba Symlink Directory Traversal
This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this flaw, a writeable share must be specified. The newly created directory will link to the root filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...
openSUSE Security Update : cifs-mount (cifs-mount-406)
This update fixes a bug that allowed the client to retrieve arbitrary memory content from the server process. CVE-2008-4314 Additionally another bug was fixed that affects environments that enabled registry shares by setting 'registry shares = yes'. In this case an authenticated user is...
Ubuntu 8.10 : samba vulnerability (USN-702-1)
Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares ar...
Mandriva Linux Security Advisory : samba (MDVSA-2009:042)
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name CVE-2009-0022. This update provides samba 3.2.7 to address this issue. %NASLMINLEVEL 70300 C Tenable...
Ubuntu USN-702-1 (samba)
The remote host is missing an update to samba announced via advisory USN-702-1. OpenVAS Vulnerability Test $Id: ubuntu7021.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7021.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-702-1 samba Authors: Thomas Reinke...
DEBIAN-CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name...
CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name...
CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name...
CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name...
Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...