235 matches found
DEBIAN-CVE-2014-5206
The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
Design/Logic Flaw
The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
Fedora 20 : kernel-3.15.10-200.fc20 (2014-9466)
The 3.15.10 stable update contains a number of important fixes across the tree. Fix CVE-2014-5206, CVE-2014-5207: ro bind mount bypass with namespaces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted...
CVE-2014-5206
The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
UBUNTU-CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
UBUNTU-CVE-2014-5206
The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...
CVE-2012-0787
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
DEBIAN-CVE-2012-0787
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
CVE-2012-0787
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
Information disclosure
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
CVE-2012-0787
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
CVE-2012-0787
The clonefile function in transfer.c in Augeas before 1.0.0, when copyifrenamefails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the 1 .augsave or 2 destination file when using th...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS...