4 matches found
PathAuditor - Detecting Unsafe Path Access Patterns
The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileg...
CVE-2019-3461
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a bind mount via rename which could result in local privilege escalation. Mounting via rename could potentially lead to a file being placed elsewhereon the filesystem hierarchy e.g. /etc/cron.d/ if the directory being cleaned up...
CVE-2019-3461
CVE-2019-3461 affects Debian tmpreaper 1.6.13+nmu1, due to a race condition during a (bind) mount via rename(). If the directory being cleaned is on the same filesystem, a mount could cause a file to land elsewhere in the hierarchy (e.g., /etc/cron.d/), enabling local privilege elevation. The iss...
[SECURITY] [DSA 4365-1] tmpreaper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 10, 2019 https://www.debian.org/security/faq -...