Lucene search

1024 matches found

OSV
added 2013/04/24 7:55 p.m. · 2 views

DEBIAN-CVE-2013-1956

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...

CVSS 2.1 · AI score 6 · EPSS 0.00383
Exploits 0 · References 1
OSV
added 2013/04/24 7:55 p.m. · 1 views

UBUNTU-CVE-2013-1956

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...

CVSS 2.1 · AI score 5.8 · EPSS 0.00383
Exploits 0 · References 3
Positive Technologies
added 2013/04/24 12:0 a.m. · 3 views

PT-2013-3489 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.6 Description: The issue allows local users to bypass intended filesystem restrictions. This is due to the create_user_ns function in kernel/user_namespace.c not checking whether a chroot directory exists th...

CVSS 2.1 · AI score 5.9 · EPSS 0.00383
Exploits 0 · References 11
Tenable Nessus
added 2013/04/20 12:0 a.m. · 31 views

Mandriva Linux Security Advisory : stunnel (MDVSA-2013:130)

Updated stunnel packages fix security vulnerability : stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a...

CVSS 6.6 · AI score 8.5 · EPSS 0.02932
Exploits 0 · References 2
seebug.org
added 2013/04/17 12:0 a.m. · 9 views

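Linux Kernel Multiple Local Security Bypass Vulnerabilities

BUGTRAQ ID: 59052 Linux Kernel is the kernel of the Linux operating system. The Linux kernel contains multiple security bypass vulnerabilities; attackers can exploit them to bypass certain security restrictions and perform unauthorized operations. 0 Linux kernel Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.kernel.org/ define GNUSOURCE include unistd.h include sched.h include sys/types.h include sys/wait.h include fcntl.h includ...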

AI score 6.9
Exploits 0
Prion
added 2013/04/05 9:55 p.m. · 16 views

Design/Logic Flaw

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child...

CVSS 7.2 · AI score 7 · EPSS 0.01685
Exploits 1 · References 6 · Affected Software 1
UbuntuCve
added 2013/04/05 9:55 p.m. · 28 views

CVE-2013-1858

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child...

CVSS 7.2 · AI score 5.9 · EPSS 0.01685
Exploits 1 · References 3
NVD
added 2013/04/05 9:55 p.m. · 22 views

CVE-2013-1858

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child...

CVSS 7.2 · AI score 6.4 · EPSS 0.01685
Exploits 1 · References 6
Cvelist
added 2013/04/05 9:0 p.m. · 27 views

CVE-2013-1858

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child...

AI score 6.4 · EPSS 0.01685
Exploits 1 · References 6
Positive Technologies
added 2013/04/05 12:0 a.m. · 3 views

PT-2013-3436 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.3 Description: The issue allows local users to gain privileges by exploiting a flaw in the clone system-call implementation. This is achieved by calling chroot and leveraging the sharing of the / directory...

CVSS 7.2 · AI score 6.3 · EPSS 0.01685
Exploits 1 · References 8
exploitpack
added 2013/03/13 12:0 a.m. · 10 views

Linux Kernel 3.0 3.3.5 - CLONE_NEWUSER|CLONE_FS Local Privilege Escalation

Linux Kernel 3.0 3.3.5 - CLONE_NEWUSER|CLONE_FS Local Privilege Escalation / source: https://www.securityfocus.com/bid/58478/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain kernel privileges, which will aid in further attacks....

AI score 0.6
Exploits 0
Exploit DB
added 2013/03/13 12:0 a.m. · 29 views

Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/58478/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain kernel privileges, which will aid in further attacks. / / clown-newuser.c -- CLONE_NEWUSER kernel root PoC Dedicated to: Locke...

AI score 7.4
Exploits 0
Tenable Nessus
added 2013/03/05 12:0 a.m. · 28 views

FreeBSD : stunnel -- Remote Code Execution (c97219b6-843d-11e2-b131-000c299b62e1)

Michal Trojnara reports : 64-bit versions of stunnel with the following conditions : NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the 'connect' option or execute MITM attacks on the...

CVSS 6.6 · AI score 8.7 · EPSS 0.02932
Exploits 0 · References 3
FreeBSD
added 2013/03/03 12:0 a.m. · 40 views

stunnel -- Remote Code Execution

Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...

CVSS 6.6 · AI score 7.5 · EPSS 0.02932
Exploits 0 · References 1
Oracle linux
added 2013/02/22 12:0 a.m. · 39 views

dovecot security and bug fix update

1:2.0.9-5 - script-login did not drop privileges correctly 709095 - fix directory traversal due to not obeying chroot directive 709097 - check proxy destination host against SSL certificate name 754980 1:2.0.9-4 - dovecot may not set correct permissions for mail folder 697620 1:2.0.9-3 - fix...

CVSS 6.5 · AI score 6.5 · EPSS 0.02206
Exploits 0
RedHat Linux
added 2013/02/20 4:19 p.m. · 3 views

dovecot: directory traversal due to not obeying chroot directive

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

CVSS 6.5 · AI score 5.8 · EPSS 0.02206
Exploits 0 · References 4
Tenable Nessus
added 2013/01/31 12:0 a.m. · 40 views

Fedora 16 : proftpd-1.3.4b-5.fc16 (2013-0468)

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to mod_sftp and the handling of the MKDIR SFTP request as well...

CVSS 1.2 · AI score 5.3 · EPSS 0.00693
Exploits 0 · References 4
Tenable Nessus
added 2013/01/25 12:0 a.m. · 28 views

SuSE 11.1 Security Update : dhcp (SAT Patch Number 6671)

This update of dhcp fixes two security vulnerabilities : - Malformed client identifiers could cause a Denial of Service excessive CPU consumption, effectively causing further client requests to not be processed anymore. CVE-2012-3571 - Two unspecified memory leaks. CVE-2012-3954 Additionally, the...

CVSS 6.1 · AI score 6.4 · EPSS 0.12985
Exploits 1 · References 6
Tenable Nessus
added 2012/09/18 12:0 a.m. · 23 views

Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20120914)

"The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS 7.8 · AI score 6.7 · EPSS 0.36798
Exploits 0 · References 2
OpenVAS
added 2012/09/17 12:0 a.m. · 21 views

RedHat Update for bind RHSA-2012:1267-01

Check for the Version of bind OpenVAS Vulnerability Test RedHat Update for bind RHSA-2012:1267-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 7.8 · AI score 7.4 · EPSS 0.36798
Exploits 0 · References 2