SuSE9 Security Update : heimdal (YOU Patch Number 11192)

This update fixes a security problem in heimdal tools, if installed setuid. Missing setuid return checking might be used by local users to escalate their privileges to root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

Linux Kernel O_EXCL NFSv4本地权限提升漏洞

BUGTRAQ ID: 36472 CVE ID: CVE-2009-3286 Linux Kernel是开放源码操作系统Linux所使用的内核。 当OEXCL创建文件失败时，Linux Kernel的NFSv4没有正确地清除inode。这导致以不安全的设置（如setuid位）创建文件，本地用户可以通过执行doopenpermission函数获得权限提升。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://git.kernel.org/linus/af85852d...

CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 21st July 2010 Added links to KBase articles expanding on three...

kernel: personality: fix PER_CLEAR_ON_SETID

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...

IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug

No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...

IBM AIX 5.66.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug

IBM AIX 5.66.1 - LIBINITDBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...

IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug

!/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/ http://lab.mediaservice.net/ DON'T RUN THIS UNLESS YOU KNOW...

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

No description provided by source. FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...

FreeBSD <= 6.1 kqueue() NULL pointer dereference

FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...

Race condition

The mmformaps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read 1 maps and 2 smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition...

CVE-2009-2691

CVE-2009-2691 affects the Linux kernel (2.6.30.4 and earlier) via the mm_for_maps path in fs/proc/base.c, allowing a local attacker to read maps and smaps files under /proc during ELF loading for a setuid process, due to a race condition. Impact is information exposure (maps/smaps); exploitation ...

CVE-2009-2691

The mmformaps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read 1 maps and 2 smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition...

IBM AIX libC XL C++运行时库本地权限提升漏洞

IBM AIX是一款商业性质的UNIX操作系统。 AIX的XL C++运行时库的调试组件没有正确地处理LIBINITDBG和LIBINITDBGFILE环境变量，本地用户可以通过链接到XL C++运行时库的setuid root程序创建属于root的任意可写文件。 AIX 5.3中受影响的库是/usr/lpp/xlC/lib/libC.a，AIX 6.1中受影响的库是/usr/ccs/lib/libc.a和/usr/ccs/lib/libp/libc.a。 IBM AIX 6.1 IBM AIX 5.3 厂商补丁： IBM ---...

CVE-2009-2669

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the 1 LIBINITDBG and 2 LIBINITDBGFILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, relate...

CVE-2009-2669

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the 1 LIBINITDBG and 2 LIBINITDBGFILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, relate...

CVE-2009-2657

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2...

CVE-2009-2657

Nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, enabling local users to run arbitrary commands via the device string in a -c option to mkfs.nilfs2. Affected components: nilfs-utils and related nilfs2-utils tooling. Impact: local privilege escalation. Remed...

CVE-2009-2657

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2...