USN-2584-1: Linux kernel (EC2) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

Linux kernel chown() elevation of privilege vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An elevation of privilege vulnerability exists in the Linux kernel, which originates from an elevation of privilege vulnerability when a program uses the chown command to chan...

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

CVE-2013-6124

The CVE-2013-6124 entry describes a local privilege escalation in Code Aurora Forum (CAF) Android 4.1.x–4.4.x where Qualcomm Innovation Center (QuIC) init scripts allow a symlink attack to modify file metadata. Specifically, during device startup, init shell scripts run with root privileges and m...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes

No description provided by source. / FreeBSD shellcode chown/tmp/sh, 0, 0; chmod/tmp/sh, 06755; 44 bytes Claes M. Nyberg 20020209 [email protected], [email protected] / / void mainvoid asm xor %eax, %eax eax = 0 pushl %eax string ends with NULL pushl $0x68732f2f push 'hs//' //sh pushl...

ISDN4Linux 3.1 IPPPD Device String SysLog Format String Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some...

48 bytes chown root:root /bin/sh x86 linux shellcode

No description provided by source. / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

XFree86 X11R6 3.3.x Font Server Remote Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6241/info A remotely exploitable buffer overrun condition has been reported in the XFS font server, fs.auto used by multiple vendors. This vulnerability may be exploited by remote attackers to execute commands on the targ...

CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrda...

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

Design/Logic Flaw

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

samba: smbcacls will delete ACL lists in certain circumstances

The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...

DEBIAN-CVE-2013-6442

The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...

UBUNTU-CVE-2013-6442

The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...

CVE-2013-6442

Samba CVE-2013-6442 affects Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6. The owner_set in smbcacls.c can remove an ACL during --chown/--chgrp usage, potentially bypassing intended access restrictions in opportunistic circumstances due to an unintended administrative change. OpenVAS entries c...

Qualcomm chown init scripts

Insecure owner/permission changes in init shell scripts CVE-2013-6124: During the device start-up phase, several init shell scripts are executed with root privileges to configure various aspects of the system. During this process, standard toolchain commands such as chown or chmod are used to,...

SuSE 11.3 Security Update : mysql, mysql-client (SAT Patch Number 8364)

This version upgrade of mysql to 5.5.33 fixed multiple security issues : - CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794 - CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801 - CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806 - CVE-2013-3807 / CVE-2013-3808 ...