9 matches found
SUSE: Security Advisory (SUSE-SU-2014:0928-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege Escalation
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the...
Security Bulletin: PowerKVM is affected by ppc64-diag and powerpc-utils vulnerabilities (Multiple CVEs)
Summary PowerKVM is affected by multiple vulnerabilities in ppc64-diag and powerpc-utils. Vulnerability Details CVEID: CVE-2014-4038 DESCRIPTION: ppc64-diag could allow a local attacker to launch a symlink attack. lpdelatest.sh creates temporary files insecurely. A local attacker could exploit th...
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
CVE-2014-4039
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf...
CVE-2014-4039
The CVE-2014-4039 issue affects ppc64-diag (version 2.6.1) where 0755 permissions on /tmp/diagSEsnap and lax restrictions on /tmp/diagSEsnap/snapH.tar.gz enable a local attacker to read an archive and obtain sensitive information (e.g., contents in /var/log/messages and /etc/yaboot.conf). The vul...