1015 matches found
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CentOS 7 : util-linux (CESA-2017:0907)
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2017-2109 · Mock · Mock
Name of the Vulnerable Software and Affected Versions: mock (affected versions not specified). Description: The issue is related to the scm plug-in in mock, which may allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. This is due to...
CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges...
DEBIAN-CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges...
UBUNTU-CVE-2016-10118
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...
CVE-2016-10118
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...
CVE-2016-10118
Firejail exposes a local-privilege issue: in CVE-2016-10118, a local user can truncate /etc/resolv.conf by performing a chroot to /. The NVD entry confirms LOCAL access with LOW/LOW remote? to integrity and confidentiality impact as stated, with impact limited to integrity (PARTIAL) and no confid...
libblkid, libmount, libuuid, util, uuidd security update
CentOS Errata and Security Advisory CESA-2017:0907. An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
Scientific Linux Security Update : util-linux on SL7.x x86_64 (20170412)
Security Fixes: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616) Bug Fixes: The 'findmnt --target ' command prints all...
RHEL 7 : util-linux (RHSA-2017:0907)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0907 advisory. The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these...
Moderate: Red Hat Security Advisory: util-linux security and bug fix update
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
ProFTPD Local Security Bypass Vulnerability
ProFTPD is an FTP server program for Unix and Unix-like platforms such as Linux, FreeBSD, etc. A local security bypass vulnerability exists in ProFTPD versions before 1.3.5e and 1.3.6 before 1.3.6rc5, which allows a local attacker to bypass the AllowChrootSymlinks control by replacing one of...
UBUNTU-CVE-2017-7418
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...
PT-2017-17724 · Proftpd +2 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e; ProFTPD versions 1.3.6 prior to 1.3.6rc5. Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...
proftpd -- user chroot escape vulnerability
NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
AZL-6355 CVE-2016-2781 affecting package coreutils for versions less than 8.32-1
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...