Debian: Security Advisory (DLA-876-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Eject dmcrypt-get-device local code execution vulnerability

dmcrypt-get-device is in the debian and Linux eject packages. eject is the command to eject the CD and run CD-Changers under Linux. A local code execution vulnerability exists in eject dmcrypt-get-device. A local attacker could exploit this vulnerability to execute arbitrary code using elevated...

[SECURITY] [DSA 3823-1] eject security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3823-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 876-1] eject security update

Package : eject Version : 2.1.5+deb1+cvs20081104-13+deb7u1 CVE ID : CVE-2017-6964 Debian Bug : 858872 Ilja Van Sprundel discovered that eject a tool to eject CD/DVD drives did not properly handle errors returned from setuid/setgid. For Debian 7 "Wheezy", this issue has been fixed in eject version...

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Design/Logic Flaw

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

CVE-2017-6964

CVE-2017-6964 describes a local privilege escalation in eject via the dmcrypt-get-device helper, which does not check return values from setuid() and setgid(). The flaw allows code execution with root privileges when using eject, as reported for Debian/Ubuntu packages (eject versions prior to 2.1...

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Ubuntu: Security Advisory (USN-3246-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Debian: Security Advisory (DSA-3823-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

MDVA-2010:071 : eject

The eject package shipped in Mandriva Linux 2009.0, 2009.1, 2010.0 contains a bug which will lead to a failure when ejecting a DVD which has space characters within its name. The updated package fixes this problem. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers...