CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

CVE-2010-2059

CVE-2010-2059 affects RPM package manager: lib/fsm.c in RPM 4.8.0 and, per the description, unspecified 4.7.x and 4.6.x, and RPM before 4.4.3, may fail to reset executable file metadata during upgrade, potentially allowing local users to gain privileges by creating a hard link to a vulnerable (se...

CVE-2004-2768

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid file, 2 setgid file, or 3 device, a related issue to CVE-2010-2059...

CVE-2004-2768

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid file, 2 setgid file, or 3 device, a related issue to CVE-2010-2059...

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1

Race condition in the rmtree function in File::Path 1.08 and 2.07 lib/File/Path.pm in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error...

/bin/sh Setuid Shellcode

/ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...

linux/x86 sys_setuid(0) & sys_setgid(0) & execve ("/bin/sh") 39 bytes

Exploit for linux/x86 platform in category shellcode ===================================================================== linux/x86 syssetuid0 & syssetgid0 & execve "/bin/sh" 39 bytes ===================================================================== /...

linux/x86 Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) 61 Bytes

Exploit for linux/x86 platform in category shellcode ================================================================================= linux/x86 Shellcode Polymorphic - setuid0 + chmod"/etc/shadow", 0666 61 Bytes ================================================================================= /...

linux/x86 setuid(0) + chmod("/etc/shadow", 0666) Shellcode 37 bytes

Exploit for linux/x86 platform in category shellcode =================================================================== linux/x86 setuid0 + chmod"/etc/shadow", 0666 Shellcode 37 bytes =================================================================== / Title: linux/x86 setuid0 +...

List Files with setuid-bit in / and /home, Check /tmp for sticky-bit

This plugin uses SSH to list files with setuid-bit in / and /home, check /tmp for sticky-bit. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

List Files with setuid-bit in / and /home, Check /tmp for sticky-bit

This plugin uses ssh to List Files with setuid-bit in / and /home, Check /tmp for sticky-bit. OpenVAS Vulnerability Test $Id: GSHBSSHsetuid.nasl 7076 2017-09-07 11:53:47Z teissa $ List Files with setuid-bit in / and /home, Check /tmp for sticky-bit Authors: Thomas Rotter Copyright: Copyright c 20...

linux/x86 setuid(0) ^ execve("/bin/sh", 0, 0) shellcode 27 bytes

Exploit for linux/x86 platform in category shellcode ================================================================ linux/x86 setuid0 ^ execve"/bin/sh", 0, 0 shellcode 27 bytes ================================================================...

linux/x86 setuid(0) + execve("/bin/sh",...) Shellcode 29 bytes

Exploit for linux/x86 platform in category shellcode ============================================================== linux/x86 setuid0 + execve"/bin/sh",... Shellcode 29 bytes ============================================================== / 29 byte-long setuid0 + execve"/bin/sh",... shellcode by...

Mandriva Update for nss_db MDVSA-2010:077 (nss_db)

Check for the Version of nssdb OpenVAS Vulnerability Test Mandriva Update for nssdb MDVSA-2010:077 nssdb Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation

No description provided by source. !/usr/bin/env python ''' team-edward.py Linux Kernel = 2.6.34-rc3 ReiserFS xattr Privilege Escalation Jon Oberheide [email protected] http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=568041 The kernel allows processes to access th...

Linux Kernel 2.6.34-rc3 ReiserFS xattr Privilege Escalation

!/usr/bin/env python ''' team-edward.py Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=568041 The kernel allows processes to access the internal ".reiserfspriv" directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions...