CVE-2019-4447

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpumdebug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a...

PT-2019-17087 · Ibm +1 · Ibm Db2 High Performance Unload +1

Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload load for LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 Description: The issue concerns a setuid root binary db2hpum debug that trusts the PATH environment variable. A...

systemd DynamicUser SetUID Binary Creation

systemd: DynamicUser can create setuid binaries when assisted by another process Related CVE Numbers: CVE-2019-3844. I am sending this bug report to Ubuntu as requested by systemd at . This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another...

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

MagniComp SysInfo Information Disclosure Vulnerability - Linux

MagniComp SysInfo is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apport Denial of Service Vulnerability (CNVD-2018-05468)

Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, and Apport is a toolkit that collects and provides feedback on errors information that the operating system finds useful when an application crashes. A security vulnerability exists in Apport...

SUSE-SU-2017:1621-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. bsc1039357...

Solaris 7 < 11 (SPARC/x86) - 'EXTREMEPARR' dtappgather Privilege Escalation

!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR which provides local root on Solaris 7 - 11 x86 & SPARC. Uses a environment variable of setuid binary dtappgather to manipulate file permissions and create a user owned directory anywhere on the system as root. Can then add a shared object...

DEBIAN-CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program...

DLA-680-2 bash - version number correction

Bulletin has no description...

[SECURITY] [DLA 680-1] bash security update

Package : bash Version : 4.2+dfsg-0.1+deb7u3 CVE ID : CVE-2016-7543 An old attack vector has been corrected in bash, a sh-compatible command language interpreter. CVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in combination with insecure setuid binaries can result in root...

Fontconfig Arbitrary Code Execution Vulnerability

fontconfig is a library of functions that provide system-wide font settings, customization and allow applications to access them. An arbitrary code execution vulnerability exists in fontconfig, which can be exploited to trigger an arbitrary free call, which can lead to a double free attack to...

DeleGate 9.9.13 - Local Privilege Escalation

DeleGate 9.9.13 - Local Privilege Escalation Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor:...

USN-2599-2 linux-lts-utopic vulnerability

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

USN-2597-2: Linux kernel (Trusty HWE) regression

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

USN-2599-1 linux-lts-utopic vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

USN-2598-1 linux vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

S.u.S.E. Linux 6.3/6.4 Gnomelib Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1155/info A vulnerability exists in the handling of the DISPLAY variable, in versions of Gnomelib shipped with S.u.S.E. Linux, version 6.3. By supplying a long buffer containing machine executable code in the DISPLAY...

[USN-1576-1] DBus vulnerability

========================================================================== Ubuntu Security Notice USN-1576-1 September 20, 2012 dbus vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...