395 matches found
CVE-2017-16638
CVE-2017-16638 affects Gentoo net-misc/vde up to version 2.3.2-r4. A privilege-escalation exists where members of the qemu group can gain root privileges by a hard link operation in a directory on which the OpenRC init script calls chown recursively. The issue is fixed by upgrading to >= net-m...
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
Design/Logic Flaw
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
DEBIAN-CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
UBUNTU-CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
CVE-2015-1336
The CVE-2015-1336 entry concerns the man-db daily cleanup race in Mandb before 2.7.6.1-1 (Ubuntu/Debian packaging). A local user with access to the man account could escalate privileges via insecure chown usage in the mandb cleanup job. Affected software is the man-db package and the vulnerabilit...
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...
CVE-2017-14730
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LSUSER account for creation of a hard link...
GLSA-201709-11 : GIMPS: Root privilege escalation
The remote host is affected by the vulnerability described in GLSA-201709-11 GIMPS: Root privilege escalation It was discovered that Gentoos default GIMPS installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe chown -R command in checkconfi...
GIMPS: Root privilege escalation
Background GIMPS, the Great Internet Mersenne Prime Search, is a software capable of find Mersenne Primes, which are used in cryptography. GIMPS is also used for hardware testing. Description It was discovered that Gentoo’s default GIMPS installation suffered from a privilege escalation...
CVE-2017-14484
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search GIMPS allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed...
The vulnerability of the scheduler daemon in UNIX-like operating systems, Cron, allows a intruder to expand their privileges.
The vulnerability of the Cron task scheduler in UNIX-like operating systems is related to the incorrect definition of references before accessing a file. Exploiting this vulnerability allows an attacker, operating remotely, to increase their privileges by using the postinst script, through symlin...
CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
DEBIAN-CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
Design/Logic Flaw
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...