flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console

A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty...

Information disclosure

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

CVE-2011-4916

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

CVE-2011-4916

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

CVE-2011-4916

CVE-2011-4916 affects the Linux kernel up to version 3.1, where local users could access /dev/pts/ and /dev/tty* to obtain sensitive keystroke information. The available connected sources (OSV/DEBIAN/NVD-style entries) confirm the local-priority impact but do not provide specific patch versions o...

Homebrew: Bypass of the installation sandbox by injecting keystrokes with TIOCSTI

While doing some internal testing recently, we ran into installation sandboxing and found a way to bypass it so that a formula's install script can execute commands outside of the sandbox. I understand from https://github.com/Homebrew/brew/issues/2986 that the sandbox is intended to prevent...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20160512)

Security Fixes : - A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privilege...

Linux Kernel <= 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit

No description provided by source. / vcresize int overflow Copyright Georgi Guninski Cannot be used in vulnerability databases / include stdio.h include stdlib.h include sys/types.h include sys/stat.h include fcntl.h include linux/vt.h include sys/vt.h include sys/ioctl.h include string.h include...

Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit

No description provided by source. / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright c 2004 Marco Ivaldi [email protected] Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of file...

Plash sandbox protection bypass

It's possible to execute any command via /dev/tty device...

CVE-2007-1400

Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...

CVE-2007-1400

Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...

CVE-2007-1400

Plash allows sandboxed processes to open /dev/tty via TIOCSTI, enabling local users to escape sandbox restrictions and send characters to a shell process on the same terminal to execute arbitrary commands. This CVE (CVE-2007-1400) is documented with a local-privilege/escalation impact and does no...