CVE-2024-6760 ktrace(2) fails to detach when executing a setuid binary

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which...

CVE-2024-6760

CVE-2024-6760 describes a logic bug in FreeBSD's ktrace which disables kernel tracing for setuid programs. The flaw allows unprivileged users to trace and inspect the behavior of setuid binaries, potentially reading files they normally should not access (e.g., the local password database). Connec...

PT-2024-37854 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A logic bug in the code disables kernel tracing for setuid programs, allowing unprivileged users to trace and inspect the behavior of setuid programs. This bug may be used by an...

FreeBSD-SA-24:06.ktrace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:06.ktrace Security Advisory The FreeBSD Project Topic: ktrace2 fails to detach when executing a setuid binary Category: core Module: ktrace Announced:...

FreeBSD -- ktrace(2) fails to detach when executing a setuid binary

Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

PT-2024-37817 · Provd +2 · Provd +2

Name of the Vulnerable Software and Affected Versions: provd versions prior to 0.1.5 Description: An issue was discovered in provd with a setuid binary, which allows a local attacker to escalate their privilege. Recommendations: For versions prior to 0.1.5, update to version 0.1.5 or later to...

UBUNTU-CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVE-2021-3847

...

CBL Mariner 2.0 Security Update: nodejs18 / nodejs / libuv (CVE-2024-22017)

The version of nodejs18 / nodejs / libuv installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22017 advisory. - setuid does not affect libuv's internal iouring operations if initialized before the call...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

DEBIAN-CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

UBUNTU-CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531

CVE-2024-38531 affects the Nix package manager. A build process can access and modify the permissions of the build directory, and after a setuid binary is created in a globally accessible location, a local attacker could assume the permissions of a Nix daemon worker and hijack all future builds. ...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531 Nix sandbox escape

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

Advisory ROSA-SA-2024-2432

Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...