395 matches found
UBUNTU-CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls...
UBUNTU-CVE-2016-20015
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown...
CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls...
PT-2022-8014 · Logcheck · Logcheck
Name of the Vulnerable Software and Affected Versions: Logcheck versions through 1.3.23. Description: The issue allows for root privilege escalation from the logcheck user due to insecure recursive chown calls in the ebuild package for Logcheck on Gentoo. Recommendations: For versions through...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products: All versions of...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
Security Advisory ID: BSA-2022-2073. Component: GNU Coreutils. Revision: 1.0. In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...
container-tools:rhel8 bug fix update
An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...
Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)
The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities: - DISPUTED Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability...
Ubuntu 16.04 ESM : man-db vulnerability (USN-5334-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5334-1 advisory. It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacke...
Quagga <= 1.2.4 Privilege Escalation Vulnerability
Quagga is prone to a privilege escalation vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
AZL-7336 CVE-2021-44038 affecting package quagga 1.2.4-15
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
Design/Logic Flaw
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
Removed by vendor...
Quagga Link Following Vulnerability
Quagga is a routing software suite from the individual developer Kunihiro Ishiguro in the United States. The suite implements protocols such as OSPFv2, OSPFv3, and RIP v1/v2 on a variety of platforms, and provides route redistribution, route mapping, and other features. Quagga suffers from a...
Privilege Escalation
systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
openSUSE: Security Advisory for pcp (openSUSE-SU-2021:0348-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE Security Update : pcp (openSUSE-2021-348)
This update for pcp fixes the following issues: - Drop unnecessary %pre/%post recursive chown calls (bsc#1152533). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...