Directory traversal

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory...

CVE-2007-4683

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory...

CVE-2007-4683

Apple Mac OS X 10.4.x kernels are affected by CVE-2007-4683, a local directory traversal vulnerability in the kernel that allows a local user to bypass chroot restrictions by using a relative path when changing the current working directory. The issue affects Mac OS X 10.4 through 10.4.10; impact...

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...

Code injection

The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges...

CVE-2007-5194

The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges...

CVE-2007-5194

The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges...

CVE-2007-5194

The CVE-2007-5194 entry concerns the Chroot server in rMake 1.0.11. A local-priority issue arises because it creates a /dev/zero device file with read/write permissions for the rMake user and shares the minor device number with /dev/port, enabling potential local privilege escalation to root. The...

CVE-2006-1863

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864...

[Full-disclosure] OSNews

http://distrowatch.com/weekly.php?issue=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd00 Someone forget their chroot soup this morning...

MPack with virtual hosting and PHP security-vulnerability warning-the black bar safety net

MPack is by a self-proclaimed "Dream Coders Team" of the organization development of the PHP program, which contain a number of the latest exploit code can be used to manipulate the distal end of attacks on Panda Labs at the end of last year when for the first time found that, at the time someone...

MDKA-2007:079 : postfix

This update to the postfix package fixes two bugs in the chroot script that in some cases could have prevented postfix from working at all: - The chroot script would malfunction if no postfix dynamic maps were installed - The chroot script would not enforce a safe umask, and could create a chroot...

SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792

Directory traversal vulnerability in the sanitizepath function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Information about this advisory is available at the following location:...

security flaw

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864...

Design/Logic Flaw

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

CVE-2007-0536

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

CVE-2007-0536

The CVE-2007-0536 issue affects rPath Linux 1: the rMake chroot helper fails to drop supplemental groups, causing packages to be installed with insecure permissions and potentially enabling local privilege escalation. Root cause: missing drop of supplemental groups in the chroot helper. Impact: l...

CVE-2007-0536

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...

Fedora Core 4 : kernel-2.6.16-1.2108_FC4 (2006-517)

Mark Moseley reported that a chroot environment on a SMB share can be left via 'cd ..'. Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs. CVE-2006-1864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution

FTP server GNU inetutils 1.4.2 Remote Root Exploit This program remotely exploits the most recent versions of GNU inetutils ftpd on linux systems. Requirements: 1. There MUST be a chroot'ed environment for the logged in user 2. Directory etc must be writeable by the logged in user duh! The exploi...