24 matches found
Privilege Escalation
s3d is vulnerable to privilege escalation. The pipeinitterminal function in main.c allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier...
Privilege Escalation
s3d is vulnerable to privilege escalation. The ptyinitterminal and pipeinitterminal functions in main.c allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier...
CVE-2014-1226
The pipeinitterminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876...
CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
CVE-2014-1226
The pipeinitterminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876...
CVE-2014-1226
The CVE-2014-1226 entry concerns s3dvt’s pipe_init_terminal function in main.c, with local privilege escalation via setuid and reliance on bash 4.3 or earlier. Multiple sources (Veracode entries for s3dvt) confirm the root cause as an incomplete fix of CVE-2013-6876, affecting s3dvt 0.2.2 and ear...
CVE-2014-1226
The pipeinitterminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876...
CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
ALPINE-CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
UBUNTU-CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
Design/Logic Flaw
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...
Gnu Bash 4.3 CGI Scan Remote Command Injection
!/usr/bin/env python http connection import urllib2 Args management import optparse Error managemen import sys banner = """ | .-----.--.--. | .---.-.-----| |--. |. || | | | |. 1 | | --| | |. | |||| |. |.|||| |: 1 | |: 1 \ |::.. . | |::.. . / -------' -------' | Y | | | | | | | | | ||| | |. l |. 1...