EulerOS 2.0 SP9 : lxc (EulerOS-SA-2023-1451)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

EulerOS 2.0 SP9 : lxc (EulerOS-SA-2023-1476)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

K15156: OpenSSH vulnerability CVE-2009-2904

Security Advisory Description A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files withi...

K24207649: GNU C Library (glibc) vulnerability CVE-2021-3999

Security Advisory Description A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this fla...

K16876: Mount (seunshare_mount) vulnerability CVE-2011-1101

Security Advisory Description Description CVE-2011-1101 The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tm...

SUSE CVE-2003-0645

man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the /.manpath file, even when running setuid, which could allow local users to gain privileges...

SUSE CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

SUSE CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

SUSE CVE-2004-1070

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

SUSE CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

SUSE CVE-2005-0070

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...

SUSE CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library...

SUSE CVE-2005-0155

The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...

SUSE CVE-2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to execute arbitrary code by setting the PERLIODEBUG variable and executing a Perl script whose full pathname contains a long directory tree...

SUSE CVE-2005-0448

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...

SUSE CVE-2005-0503

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...

SUSE CVE-2005-0602

Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...

SUSE CVE-2005-3531

fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters...

SUSE CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...

SUSE CVE-2006-2607

docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...