395 matches found
CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls...
CVE-2009-3706
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv100 through snv117, allows local users to bypass intended limitations of the filechownself privilege via certain uses of the chown system call...
CVE-2024-28189
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CLSA-2024-1734007022 Fix CVE(s): CVE-2021-44038
SECURITY UPDATE: Unsafe chown/chmod operations in .service files - debian/patches/CVE-2021-44038.patch: remove chown/chmod commands from the .service files - CVE-2021-44038...
RLSA-2024:6986 Low: nano security update
GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 For more details about the security issues, including the impact, a CVSS scor...
Rocky Linux 8 : nano (RLSA-2024:6986)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:6986 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...
Low: nano security update
GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 For more details about the security issues, including the impact, a CVSS scor...
Amazon Linux 2 : nano (ALAS-2024-2590)
The version of nano installed on the remote host is prior to 2.9.8-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2590 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a...
Medium: nano
Issue Overview: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 Affected Packages: nano Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...
Amazon Linux 2023 : default-editor, nano, nano-default-editor (ALAS2023-2024-652)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-652 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 Tenable has extracted the preceding...
Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
...
CVE-2024-5742
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
RHEL 4 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: tty hijacking possible in su via TIOCSTI ioctl CVE-2005-4890 - coreutils: race condition...
RHEL 7 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: memory corruption flaw in parsedatetime CVE-2014-9471 - coreutils: Non-privileged session can...
RHEL 6 / 7 : rh-mariadb101-mariadb and rh-mariadb101-galera (RHSA-2018:0574)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0574 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
CVE-2024-28189
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189
Judge0 sandbox escape (CVE-2024-28189) arises when the sandbox writes run_script to its directory and an attacker uses a symbolic link to target files outside the sandbox. This allows chown to be executed on arbitrary outside-of-sandbox files, enabling a sandbox escape and potentially complete RC...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...