PT-2006-2847 · Linux · Linux

Name of the Vulnerable Software and Affected Versions: Linux versions prior to 2.6.17 Description: A directory traversal issue in the CIFS implementation allows local users to bypass chroot restrictions on an SMB-mounted filesystem by utilizing ".." sequences. Recommendations: For Linux versions...

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver...

CVE-2005-4347

CVE-2005-4347 affects Linux 2.4 kernel patch kernel-patch-vserver (and 2.x) for Debian; the chroot barrier is not set correctly in util-vserver, potentially permitting unauthorised escapes from a vserver to the host. OpenVAS/Debian DSAs describe that this vulnerability is limited to the 2.4 patch...

Ubuntu 4.10 : postfix vulnerability (USN-74-1)

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/ifinet6 is not available which is the case in Ubuntu since Postfix runs in a chroot. If 'permitmxbackup' was enabled in the 'smtpdrecipientrestrictions', Postfix turned into an open relay, i. e...

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver...

rssh restricted shell protection bypass

With rsshchroothelper it's possible to chroot behind restricted directory...

GLSA-200512-17 : scponly: Multiple privilege escalation issues

The remote host is affected by the vulnerability described in GLSA-200512-17 scponly: Multiple privilege escalation issues Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates...

rssh: root privilege escalation flaw

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: CRITICAL Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access...

scponly: Multiple privilege escalation issues

Background scponly is a restricted shell, allowing only a few predefined commands. It is often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description Max Vozeler discovered that the scponlyc command allows users to chroot...

CVE-2005-3345

CVE-2005-3345 affects rssh versions 2.0.0 through 2.2.3, enabling local users to bypass access restrictions and gain root privileges via the rssh_chroot_helper chroot to an external directory. The connected sources confirm the vulnerability and its local-privilege-escalation impact, but do not pr...

CVE-2005-3345

rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rsshchroothelper command to chroot to an external directory...

CVE-2005-3345

Removed by vendor...

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

CVE-2005-4532

CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...

rssh -- privilege escalation vulnerability

Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...

CVSTrac chdir() chroot jail escape

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...

CVSTrac chdir() chroot jail escape

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...

vixie security update

CentOS Errata and Security Advisory CESA-2005:361 An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron...

Low: Red Hat Security Advisory: vixie-cron security update

An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specifie...