15 matches found
CVE-2026-35371
CVE-2026-35371 concerns the id utility in the uutils coreutils package. The vulnerability arises in the pretty print mode, where the tool incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This causes the output to misreport the i...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution CVE-2016-7543 - bash: when...
SUSE CVE-2017-14140
The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...
CLSA-2022-1650910003 Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
CLSA-2022-1650909007 Fixed CVE-2019-18276 in bash
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
bash security and bug fix update
4.4.19-14 - Fix hang when limit for nproc is very high Resolves: 1890888 4.4.19-13 - Correctly drop saved UID when effective UID is not equal to its real UID Resolves: 1793943...
bash: when effective UID is not equal to its real UID the saved UID is not dropped
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
VMware Fusion USB Arbitrator Setuid Privilege Escalation
This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3. The Open VMware USB Arbitrator Service can be launched outide of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, a...
kernel: Missing permission check in move_pages system call
The movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR...
kernel: Missing permission check in move_pages system call
The movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3444-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3444-1 advisory. Jan H. Schnherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could u...
CVE-2017-14140
The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...
SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...
Multiple glftpd bugs
Directory traversal in messaging system, archive extraction, effective uid problem...
Solaris whodo Vulnerability
Vulnerability in Solaris whodo Date Published: July 5, 2001 Advisory ID: N/A Bugtraq ID: 2935 CVE CAN: Non currently assigned. Title: Solaris whodo Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerability Description: The whodo...