CVE-2014-1226

The CVE-2014-1226 entry concerns s3dvt’s pipe_init_terminal function in main.c, with local privilege escalation via setuid and reliance on bash 4.3 or earlier. Multiple sources (Veracode entries for s3dvt) confirm the root cause as an incomplete fix of CVE-2013-6876, affecting s3dvt 0.2.2 and ear...

CVE-2013-6876

The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...

CVE-2014-1226

The pipeinitterminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876...

CVE-2013-6876

The CVE-2013-6876 issue affects s3dvt, specifically versions 0.2.2 and earlier, where the local privilege escalation is caused by two terminal-related routines in main.c: pty_init_terminal and pipe_init_terminal. The underlying flaw enables a local user to gain privileges by abusing setuid permis...

UBUNTU-CVE-2018-0492

Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation...

DEBIAN-CVE-2018-0492

Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation...

Race condition

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService.checkpermission call...

CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService.checkpermission call...

CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService.checkpermission call...

IBM Spectrum LSF Privilege Escalation Vulnerability

A vulnerability was identified within IBM Spectrum LSF which made it was possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled. Versions affected include...

Updated TiMidity++ packages fix security vulnerabilities

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option CVE-2017-11546. The resamplegauss function in...

openSUSE Security Update : libdb-4_8 (openSUSE-2018-199)

This update for libdb-48 fixes the following issues : - A DBCONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-48. bsc1043886 This update was imported from the SUSE:SLE-12:Updat...

openSUSE Security Update : libdb-4_5 (openSUSE-2018-200)

This update for libdb-45 fixes the following issues : - A DBCONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-45. bsc1043886 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-2018-7281

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system call, thus allowing low privileged users to execute commands as root...

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

UBUNTU-CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

SUSE SLES11 Security Update : libdb-4_5 (SUSE-SU-2018:0409-1)

This update for libdb-45 fixes the following issues : - A DBCONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-48. bsc1043886 Note that Tenable Network Security has extracted th...

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...