RHEL 5 : rpm (RHSA-2010:0679)

Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Moderate: Red Hat Security Advisory: rpm security and bug fix update

Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Moderate: Red Hat Security Advisory: rpm security update

Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

rpm: fails to drop SUID/SGID bits on package removal

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

rpm: fails to drop SUID/SGID bits on package upgrade

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

Zysploit

Takes advantage of a setuid vulnerability few details available...

linux/x86 setuid(0) && execve(/bin/sh,0,0) 27 bytes

Exploit for linux/x86 platform in category shellcode ============================================================= linux/x86 setuid0 && execve/bin/sh,0,0 shellcode 27 bytes ============================================================= Special Thanks Inj3ct0r Exploit DataBase I Love Inj3ct0r.Com...

linux/x86 setuid(0) && execve(/usr/sbin/pwunconv,0,0) 42 bytes

Exploit for linux/x86 platform in category shellcode ======================================================================== linux/x86 setuid0 && execve/usr/sbin/pwunconv,0,0 shellcode 42 bytes ======================================================================== Special Thanks Inj3ct0r Explo...

Fedora 13 : nss_db-2.2.3-0.3.pre1.fc13 (2010-6203)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

Linux/ARM - setuid0 & execve"/bin/sh","/bin/sh",0 38 bytes

Linux/ARM - setuid0 & execve"/bin/sh","/bin/sh",0 - 38 bytes. Shellcode exploit for linux platform / Title: Linux/ARM - setuid0 & execve"/bin/sh","/bin/sh",0 - 38 bytes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org |...

linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes ==================================================== / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date:...

linux/ARM - setuid(0) & execve("/bin/sh","/bin/sh",0) - 38 bytes

Exploit for linux/x86 platform in category shellcode ================================================================ linux/ARM - setuid0 & execve"/bin/sh","/bin/sh",0 - 38 bytes ================================================================ / Title: Linux/ARM - setuid0 &...

Linux/ARM - setuid0 & kill-1, SIGKILL 28 bytes

Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes. Shellcode exploit for linux platform / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan...

Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 63 bytes

Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 - 63 bytes. Shellcode exploit for linx86-64 platform / Title: Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 - 63 bytes Date: 2010-06-17 Tested: Archlinux x8664 k2.6.33 Author: Jonathan Salwan Web: http://shell-storm.org |...

linux/x86-64 setuid(0) & chmod ("/etc/passwd", 0777) & exit(0) 63 bytes

Exploit for linux/x86-64 platform in category shellcode ======================================================================= linux/x86-64 setuid0 & chmod "/etc/passwd", 0777 & exit0 63 bytes ======================================================================= / Title: Linux/x86-64 - setuid0...

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

DEBIAN-CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

DEBIAN-CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2004-2768

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid file, 2 setgid file, or 3 device, a related issue to CVE-2010-2059...