CVE-2026-35370 uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...

CVE-2026-35370

The CVE concerns the id utility in uutils coreutils, where the groups= output is miscalculated because it uses the real GID instead of the effective GID to build the group list. This can cause output divergence from GNU coreutils, potentially affecting scripts and automated processes that rely on...

SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...

DEBIAN-CVE-2012-1053

The changeuser method in the SUIDManager lib/puppet/util/suidmanager.rb in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors...

DSA-2283-1 krb5-appl - programming error

Bulletin has no description...

Linux ftpd ls privilege escalation

ls command is executed with effective gid 0...

Solaris_x86_mail_exploit.txt

Greetings, A few weeks ago I posted regarding an overflow in /usr/bin/mail on Solaris 2.7. I incorrectly stated that mail drops privs before the overflow occurs. Cheez Whiz, who wrote the shellcode, saw my post on Packetstorm and supplied the following information: ...The problem with your presen...