CVE-2012-3524

CVE-2012-3524 affects libdbus 1.5.x and earlier when used in setuid/privileged programs; it permits local privilege escalation via the DBUS_SYSTEM_BUS_ADDRESS environment variable. Mitigation per the advisories is that the vulnerability lies in applications that fail to cleanse environment variab...

Moderate: Red Hat Security Advisory: spice-gtk security update

Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CentOS Update for dbus CESA-2012:1261 centos6

Check for the Version of dbus OpenVAS Vulnerability Test CentOS Update for dbus CESA-2012:1261 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

dbus: privilege escalation when libdbus is used in setuid/setgid application

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

Slackware: Security Advisory (SSA:2008-116-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandrake Linux Security Advisory : glibc (MDKSA-2000:040)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be...

Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be...

Scientific Linux Security Update : kernel on SL3.x i386/x86_64

CVE-2008-5029 kernel: Unix sockets kernel panic CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector CVE-2009-1337 kernel: exitnotify: kill the wrong capableCAPKILL check CVE-2009-1385 kernel: e1000cleanrxirq denial of service CVE-2009-1895 kernel: personality: fix...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This update fixes the following security issues : - a logic error was found in the dosetlk function of the Linux kernel Network File System NFS implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS...

Scientific Linux Security Update : rpm on SL4.x i386/x86_64

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading or removing packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set,...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. CVE-2007-5907, Important - Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects vDSO implementation. This...

Scientific Linux Security Update : rpm on SL5.x i386/x86_64

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

These new kernel packages contain fixes for the security issues described below : - a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN netwo...

CentOS Update for glibc CESA-2011:0412 centos5 x86_64

Check for the Version of glibc OpenVAS Vulnerability Test CentOS Update for glibc CESA-2011:0412 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for samba3x CESA-2011:1220 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Setuid Nmap Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Information disclosure

The C handler plug-in in Automatic Bug Reporting Tool ABRT, possibly 2.0.8 and earlier, does not properly set the group GID permissions on core dump files for setuid programs when the sysctl fs.suiddumpable option is set to 2, which allows local users to obtain sensitive information...

python-wrapper - Untrusted Search PathCode Execution

python-wrapper - Untrusted Search PathCode Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root...

Python-wrapper Untrusted Search Path / Code Execution

python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root to help'modules' or help and then modules from withi...

abrt: Setuid process core dump archived with unsafe GID permissions

The C handler plug-in in Automatic Bug Reporting Tool ABRT, possibly 2.0.8 and earlier, does not properly set the group GID permissions on core dump files for setuid programs when the sysctl fs.suiddumpable option is set to 2, which allows local users to obtain sensitive information...