
16 matches found

CNVD
added 2017/05/24 12:0 a.m. · 4 views

Eject dmcrypt-get-device local code execution vulnerability

dmcrypt-get-device is in the Debian and Linux eject packages. eject is the command to eject the CD and run CD-Changers under Linux. A local code execution vulnerability exists in eject dmcrypt-get-device. A local attacker could exploit this vulnerability to execute arbitrary code using elevated...

CVSS 7.8 · AI score 8.1 · EPSS 0.00086
Exploits: 0 · References: 1

Tenable Nessus
added 2017/03/30 12:0 a.m. · 27 views

Debian DSA-3823-1 : eject - security update

Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. The...

CVSS 7.8 · AI score 7.3 · EPSS 0.00086
Exploits: 0 · References: 4

NVD
added 2017/03/28 1:59 a.m. · 9 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVSS 7.8 · AI score 7.7 · EPSS 0.00086
Exploits: 0 · References: 5

OSV
added 2017/03/28 1:59 a.m. · 1 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVSS 7.8 · AI score 5.9 · EPSS 0.00086
Exploits: 0 · References: 5

Prion
added 2017/03/28 1:59 a.m. · 13 views

Design/Logic Flaw

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVSS 7.2 · AI score 7.5 · EPSS 0.00086
Exploits: 0 · References: 5 · Affected Software: 2

CVE
added 2017/03/28 1:0 a.m. · 353 views

CVE-2017-6964

CVE-2017-6964 describes a local privilege escalation in eject via the dmcrypt-get-device helper, which does not check return values from setuid() and setgid(). The flaw allows code execution with root privileges when using eject, as reported for Debian/Ubuntu packages (eject versions prior to 2.1...

CVSS 7.8 · AI score 7.5 · EPSS 0.00086
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2017/03/28 1:0 a.m. · 15 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

AI score 7.6 · EPSS 0.00086
Exploits: 0 · References: 4

Debian CVE
added 2017/03/28 1:0 a.m. · 31 views

CVE-2017-6964

Removed by vendor...

CVSS 7.8 · AI score 7.6 · EPSS 0.00086
Exploits: 0

OpenVAS
added 2017/03/28 12:0 a.m. · 17 views

Ubuntu: Security Advisory (USN-3246-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 7.6 · EPSS 0.00086
Exploits: 0 · References: 2

Tenable Nessus
added 2017/03/28 12:0 a.m. · 53 views

Ubuntu 14.04 LTS / 16.04 LTS : Eject vulnerability (USN-3246-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3246-1 advisory. Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to...

CVSS 7.8 · AI score 7.6 · EPSS 0.00086
Exploits: 0 · References: 2

OSV
added 2017/03/27 9:36 p.m. · 1 views

USN-3246-1 eject vulnerability

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator...

CVSS 7.8 · AI score 7.2 · EPSS 0.00086
Exploits: 0 · References: 2

Ubuntu
added 2017/03/27 9:36 p.m. · 53 views

USN-3246-1: Eject vulnerability

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator...

CVSS 7.8 · AI score 7.4 · EPSS 0.00086
Exploits: 0

OSV
added 2017/03/27 12:0 a.m. · 0 views

UBUNTU-CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVSS 7.8 · AI score 7.2 · EPSS 0.00086
Exploits: 0 · References: 3

OpenVAS
added 2017/03/27 12:0 a.m. · 17 views

Debian: Security Advisory (DSA-3823-1)

The remote host is missing an update for the Debian...

CVSS 7.8 · AI score 7.6 · EPSS 0.00086
Exploits: 0 · References: 3

UbuntuCve
added 2017/03/27 12:0 a.m. · 20 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVSS 7.8 · AI score 7.2 · EPSS 0.00086
Exploits: 0 · References: 2

Positive Technologies
added 2017/03/27 12:0 a.m. · 2 views

PT-2017-2372 · Debian +1 · Eject +1

Name of the Vulnerable Software and Affected Versions: eject versions 2.1.5+deb1+cvs20081104-13.1 and earlier on Debian; eject versions before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10; eject versions before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS; eject...

CVSS 7.8 · AI score 7.5 · EPSS 0.00086
Exploits: 0 · References: 18