1015 matches found

Positive Technologies
added 2013/04/05 12:0 a.m. · 3 views

PT-2013-3436 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.3 Description: The issue allows local users to gain privileges by exploiting a flaw in the clone system-call implementation. This is achieved by calling chroot and leveraging the sharing of the / directory...

CVSS 7.2 · AI score 6.3 · EPSS 0.01563
Exploits 1 · References 8

Exploit DB
added 2013/03/13 12:0 a.m. · 29 views

Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/58478/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain kernel privileges, which will aid in further attacks. / / clown-newuser.c -- CLONENEWUSER kernel root PoC Dedicated to: Locke...

AI score 7.4
Exploits 0

exploitpack
added 2013/03/13 12:0 a.m. · 8 views

Linux Kernel 3.0 3.3.5 - CLONE_NEWUSER|CLONE_FS Local Privilege Escalation

Linux Kernel 3.0 3.3.5 - CLONENEWUSER|CLONEFS Local Privilege Escalation / source: https://www.securityfocus.com/bid/58478/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain kernel privileges, which will aid in further attacks....

AI score 0.6
Exploits 0

Tenable Nessus
added 2013/03/05 12:0 a.m. · 28 views

FreeBSD : stunnel -- Remote Code Execution (c97219b6-843d-11e2-b131-000c299b62e1)

Michal Trojnara reports : 64-bit versions of stunnel with the following conditions : NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the 'connect' option or execute MITM attacks on the...

CVSS 6.6 · AI score 8.7 · EPSS 0.0201
Exploits 0 · References 3

FreeBSD
added 2013/03/03 12:0 a.m. · 40 views

stunnel -- Remote Code Execution

Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...

CVSS 6.6 · AI score 7.5 · EPSS 0.0201
Exploits 0 · References 1

Oracle linux
added 2013/02/22 12:0 a.m. · 39 views

dovecot security and bug fix update

1:2.0.9-5 - script-login did not drop privileges correctly 709095 - fix directory traversal due to not obeying chroot directive 709097 - check proxy destination host against SSL certificate name 754980 1:2.0.9-4 - dovecot may not set correct premissions for mail folder 697620 1:2.0.9-3 - fix...

CVSS 6.5 · AI score 6.5 · EPSS 0.00424
Exploits 0

RedHat Linux
added 2013/02/20 4:19 p.m. · 2 views

dovecot: directory traversal due to not obeying chroot directive

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

CVSS 6.5 · AI score 5.8 · EPSS 0.00424
Exploits 0 · References 4

Tenable Nessus
added 2013/01/31 12:0 a.m. · 39 views

Fedora 16 : proftpd-1.3.4b-5.fc16 (2013-0468)

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...

CVSS 1.2 · AI score 5.3 · EPSS 0.00057
Exploits 0 · References 4

Tenable Nessus
added 2013/01/25 12:0 a.m. · 27 views

SuSE 11.1 Security Update : dhcp (SAT Patch Number 6671)

This update of dhcp fixes two security vulnerabilities : - Malformed client identifiers could cause a Denial of Service excessive CPU consumption, effectively causing further client requests to not be processed anymore. CVE-2012-3571 - Two unspecified memory leaks. CVE-2012-3954 Additionally, the...

CVSS 6.1 · AI score 6.4 · EPSS 0.17426
Exploits 1 · References 6

Tenable Nessus
added 2012/09/18 12:0 a.m. · 23 views

Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20120914)

"The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS 7.8 · AI score 6.7 · EPSS 0.55937
Exploits 0 · References 2

OpenVAS
added 2012/09/17 12:0 a.m. · 21 views

RedHat Update for bind RHSA-2012:1267-01

Check for the Version of bind OpenVAS Vulnerability Test RedHat Update for bind RHSA-2012:1267-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 7.8 · AI score 7.4 · EPSS 0.55937
Exploits 0 · References 2

OpenVAS
added 2012/09/11 12:0 a.m. · 15 views

Slackware Advisory SSA:2004-124-01 rsync update

The remote host is missing an update as announced via advisory SSA:2004-124-01. OpenVAS Vulnerability Test $Id: esoftslkssa200412401.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

CVSS 5 · AI score 0.5 · EPSS 0.03446
Exploits 0

Tenable Nessus
added 2012/08/23 12:0 a.m. · 16 views

FreeBSD : rssh -- configuration restrictions bypass (a4598875-ec91-11e1-8bd8-0022156e8794)

Derek Martin rssh maintainer reports : John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions scp to the entire system, potentially circumventing any configured...

AI score 5.4
Exploits 0 · References 2

Tenable Nessus
added 2012/08/01 12:0 a.m. · 36 views

Scientific Linux Security Update : rsync on SL5.x i386/x86_64

rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the 'filter', 'exclude', and 'exclude from' options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those...

CVSS 10 · AI score 5.5 · EPSS 0.02314
Exploits 0 · References 2

Tenable Nessus
added 2012/08/01 12:0 a.m. · 45 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These new kernel packages fix the following security issues : A flaw was found in the virtual filesystem VFS. An unprivileged local user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. CVE-2008-0001, Important A flaw was...

CVSS 6.8 · AI score 5.8 · EPSS 0.01972
Exploits 5 · References 6

Tenable Nessus
added 2012/08/01 12:0 a.m. · 34 views

Scientific Linux Security Update : openssh on SL5.x i386/x86_64

CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH...

CVSS 3.7 · AI score 6.5 · EPSS 0.0164
Exploits 1 · References 6

Tenable Nessus
added 2012/08/01 12:0 a.m. · 17 views

Scientific Linux Security Update : libcap on SL6.x i386/x86_64

The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the '--chroot' option. An application started via the 'capsh --chroot' command could use this flaw to escape the chroot restrictions...

CVSS 4.6 · AI score 5.4 · EPSS 0.00055
Exploits 0 · References 2

Tenable Nessus
added 2012/05/17 12:0 a.m. · 49 views

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472)

This kernel update fixes the following security problems : - It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This affects x8664 platforms with kernel 2.4.x and 2.6.x before 2.6.22.7 only. CVE-2007-4573 - An information disclosure vulnerability ...

CVSS 7.2 · AI score 5.6 · EPSS 0.00434
Exploits 4 · References 4

OpenVAS
added 2012/02/12 12:0 a.m. · 12 views

FreeBSD Security Advisory (FreeBSD-SA-11:07.chroot.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:07.chroot.asc SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

AI score 7.4
Exploits 0 · References 1

OpenVAS
added 2012/02/12 12:0 a.m. · 13 views

FreeBSD Security Advisory (FreeBSD-SA-11:07.chroot.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:07.chroot.asc ADV FreeBSD-SA-11:07.chroot.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-11:07.chroot.asc Authors: Thomas Reinke Copyright: Copyright c 2012...

AI score 0.2
Exploits 0