3217 matches found
FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
FreeBSD-SA-09:16.rtld Security Advisory, The FreeBSD Project. Topic: Improper environment sanitization in rtld(1). Category: core. Module: rtld. Announced: 2009-12-03. Affects:...
linux/x86 setuid(0) & execve("/sbin/poweroff -f") 47 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid(0) & execve("/sbin/poweroff -f") 47 bytes. include / linux/x86 ; setuid(0) & execve("/sbin/poweroff -f") 47 bytes...
linux/x86 setuid(0) & execve(/bin/cat /etc/shadow) 49 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid(0) & execve(/bin/cat /etc/shadow) 49 bytes. include / linux/x86 ; setuid(0) & execve(/bin/cat /etc/shadow) 49 bytes...
Linux - setuid(0) & execve("/sbin/poweroff -f")
Linux - setuid(0) & execve("/sbin/poweroff -f"). Shellcode exploit for lin_x86 platform include / linux/x86 ; setuid(0) & execve("/sbin/poweroff -f") 47 bytes written by ka0x - lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int...
EUVD-2009-4117
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgu...
CVE-2009-4146
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setgid program with a modified LD_PRELOAD variable containing an...
samba: information disclosure in suid mount.cifs
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the...
Moderate: Red Hat Security Advisory: samba3x security and bug fix update
Updated samba3x packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Samba is a suite of programs used by machines to share...
kernel: O_EXCL creates on NFSv4 are broken
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
kernel: /proc/$pid/maps visible during initial setuid ELF loading
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition...
How to find unix broiler-vulnerability warning-the black bar safety net
Why that is I and the x-laser together with looking for broiler? Because all our operations are all in the 3389 broiler on. First of all, we are on to the same terminal, premise: the terminal is open, rather than doing it on your own, so that only the Terminal Services Manager can be used and then...
samba security update
CentOS Errata and Security Advisory CESA-2009:1529 Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Samba is a suite of programs use...
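Samba setuid mount.cifs information disclosure vulnerability
BUGTRAQ ID: 36572 CVE ID: CVE-2009-2948 Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services. The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password in several different ways. If installed as a setuid program, mount.cifs does not check whether the user attempting to access the file has root privileges. A remote attacker can use the --verbose or -v option to pass a credentials file to mount.cifs and then read the first line of the password that was passed. Samba Samba 3.4 Samba Samba 3.3 Samba Samba 3...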
Samba < 3.0.37 / 3.2.15 / 3.3.8 / 3.4.2 Multiple Vulnerabilities
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard...
CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
Information disclosure by setuid mount.cifs
Description: The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges...
openssh: possible privilege escalation when using ChrootDirectory setting
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
SuSE9 Security Update : arts (YOU Patch Number 11075)
The KDE soundserver aRts lacked checks around some setuid calls. This could be used by a local attacker to gain root privileges. (CVE-2006-2916)...