14 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-10152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the .athena.mit.edu default domain when opening the configuration file fails, which...
RHEL 5 : hesiod (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - hesiod: Use of hard-coded unsafe configuration if configuration file cannot be opened CVE-2016-10152 - Th...
EulerOS 2.0 SP3 : hesiod (EulerOS-SA-2022-1729)
According to the versions of the hesiod package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment...
Huawei EulerOS: Security Advisory for hesiod (EulerOS-SA-2022-1729)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Huawei EulerOS: Security Advisory for hesiod (EulerOS-SA-2022-1348)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : hesiod (EulerOS-SA-2022-1325)
According to the versions of the hesiod package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment...
Huawei EulerOS: Security Advisory for hesiod (EulerOS-SA-2022-1325)
The remote host is missing an update for the Huawei EulerOS...
Advisory ROSA-SA-2021-1852
Software: hesiod 3.2.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10151 CVE-Crit: HIGH CVE-DESC: The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID to UID to determine whether to use configurations from environment variables, allowing local users to gain privileges via (1) HESIOD_CONFIG or...
Fedora 29 : hesiod (2018-792ff3cafa)
- Fix CVE-2016-10152 hard-coded DNS fallback - Fix CVE-2016-10151 weak SUID check - Move package to autosetup - Resolves: 1332509 - Resolves: 1332494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 27 : hesiod (2018-25c6d1b417)
- Fix CVE-2016-10152 hard-coded DNS fallback - Fix CVE-2016-10151 weak SUID check - Move package to autosetup - Resolves: 1332509 - Resolves: 1332494
GLSA-201805-01 : hesiod: Root privilege escalation
The remote host is affected by the vulnerability described in GLSA-201805-01 hesiod: Root privilege escalation Multiple vulnerabilities have been discovered in hesiod that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact : A remote or local attacker may ...
CVE-2016-10152
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache...
CVE-2016-10152
CVE-2016-10152 affects Hesiod 3.2.1. The read_config_file function in lib/hesiod.c falls back to the .athena.mit.edu default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. The CVE is rated as critical (CVSS v3: 9...
[SECURITY] [DLA 795-1] hesiod security update
Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athena's DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...