Lucene search
K

396 matches found

OSV
OSV
added 2016/05/25 8:22 p.m.5 views

USN-2985-1 eglibc, glibc vulnerabilities

Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. CVE-2013-2207, CVE-2016-2856 Robin Hack discovered that the Name Service Switch NSS...

9.8CVSS7.5AI score0.07629EPSS
Exploits6References12
NVD
NVD
added 2016/05/02 10:59 a.m.25 views

CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service capability stripping via a failed invocation of a system call, as...

5.5CVSS6.6AI score0.00489EPSS
Exploits1References5
OSV
OSV
added 2016/05/02 10:59 a.m.2 views

DEBIAN-CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service capability stripping via a failed invocation of a system call, as...

5.5CVSS5.7AI score0.00489EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2016/05/02 12:0 a.m.33 views

CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service capability stripping via a failed invocation of a system call, as...

5.5CVSS6.8AI score0.00489EPSS
Exploits1References3
OSV
OSV
added 2016/05/02 12:0 a.m.3 views

UBUNTU-CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service capability stripping via a failed invocation of a system call, as...

5.5CVSS7AI score0.00489EPSS
Exploits1References4
exploitpack
exploitpack
added 2016/02/22 12:0 a.m.51 views

Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/02/22 12:0 a.m.153 views

Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts devices in /dev/pts to the same uid holding the master file descriptor for the slave...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/19 7:56 p.m.4 views

kernel: race condition between chown() and execve()

A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the syst...

6.2CVSS6.7AI score0.00317EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/11/19 6:24 a.m.1 views

kernel: race condition between chown() and execve()

A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the syst...

6.2CVSS6.7AI score0.00317EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/09/18 12:0 a.m.46 views

Ubuntu: Security Advisory (USN-2601-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS6.3AI score0.00317EPSS
Exploits0References2
exploitpack
exploitpack
added 2015/09/10 12:0 a.m.21 views

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends t...

Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/04 12:0 a.m.44 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150722)

A flaw was found in the way Linux kernel's Transparent Huge Pages THP implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. CVE-2014-3940, Moderate A buffer overflow flaw was found in the way the Linu...

6.2CVSS6.7AI score0.04517EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2015/07/23 12:0 a.m.36 views

RedHat Update for kernel RHSA-2015:1272-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS7AI score0.04517EPSS
Exploits1References2
CNVD
CNVD
added 2015/06/01 12:0 a.m.4 views

Synology Cloud Station Elevation of Privilege Vulnerability

Synology Cloud Station is a solution for synchronizing data between all devices using a cloud station. A security vulnerability in the clientchown tool in the Synology Cloud Station's synchronization client client for OS X-based platforms allows a local attacker to change the ownership of arbitra...

6.8CVSS6.9AI score0.00757EPSS
Exploits0References1
OSV
OSV
added 2015/05/27 10:59 a.m.1 views

DEBIAN-CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.2AI score0.00317EPSS
Exploits0References1
Prion
Prion
added 2015/05/27 10:59 a.m.18 views

Race condition

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.8AI score0.00317EPSS
Exploits0References18Affected Software2
Debian CVE
Debian CVE
added 2015/05/27 10:0 a.m.66 views

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.7AI score0.00317EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/05/11 12:0 a.m.11 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2597-2)

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. A race condition betwe...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/05/11 12:0 a.m.17 views

Ubuntu 14.10 : linux regression (USN-2600-2)

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. A race condition betwe...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/05/11 12:0 a.m.11 views

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerability (USN-2599-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2599-2 advisory. USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the...

5.6AI score
Exploits0References1
Rows per page
Query Builder