396 matches found
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
PT-2024-22322 · Judge0 · Judge0
Name of the Vulnerable Software and Affected Versions: Judge0 versions prior to 1.13.1 Description: The issue arises from the application's use of the UNIX chown command on an untrusted file within the sandbox. An attacker can exploit this by creating a symbolic link symlink to a file outside the...
The vulnerability of the chown package on the Node.js software platform allows a malicious actor to gain unauthorized access to arbitrary directories.
The vulnerability of the chown package on the Node.js software platform is related to synchronization errors when using a shared resource „Race Condition“. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary directories...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: rpm security update
The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...
CVE-2020-36770
pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...
PT-2024-10822 · Gentoo +1 · Gentoo +1
Name of the Vulnerable Software and Affected Versions: Slurm versions through 22.05.3 Description: The issue arises from the pkg postinst in the Gentoo ebuild for Slurm, which unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the...
BIT-2020-7221
mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product,...
GHSA-CGF8-H3FP-H956 Pleaser privilege escalation vulnerability
please aka pleaser through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited. Here is how to see it in action: $ cd "$mktemp -d" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd...
CVE-2023-28144
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevateperfprivileges.sh chown calls...
CVE-2023-28144
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevateperfprivileges.sh chown calls...
CVE-2023-28144
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, are affected by a local privilege-escalation issue due to race conditions involving symlinks and elevate_perf_privileges.sh chown calls. The root cause is race conditions in file ownership changes, which can lead to eleva...
SUSE CVE-2008-0732
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories...
SUSE CVE-2011-3180
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...
SUSE CVE-2013-6442
The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...
SUSE CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
SUSE CVE-2015-1350
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service capability stripping via a failed invocation of a system call, as...
SUSE CVE-2015-3339
Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...
SUSE CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...