225 matches found
CVE-2022-25326
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable...
PT-2022-17214 · Fscrypt +1 · Fscrypt +1
Name of the Vulnerable Software and Affected Versions: fscrypt versions through 0.3.2 Description: The issue allows unprivileged users to exhaust filesystem space due to a world-writable directory created by default when setting up a filesystem. Recommendations: For fscrypt versions through 0.3.2...
CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
Google Fscrypt 操作系统操作系统命令注入漏洞
Google Fscrypt is an open source advanced tool from Google, Inc. Google fscrypt is vulnerable to command injection, which can be exploited by attackers to elevate privileges in certain situations...
Google Fscrypt 输入验证错误漏洞
Google Fscrypt is an open source advanced tool from Google, Inc. Google fscrypt is vulnerable to an input validation error, which results from inadequate validation of user-supplied input, and can be exploited by remote attackers to create fscrypt metadata files that prevent other users from...
Google Fscrypt 资源管理错误漏洞
Google Fscrypt is an open source advanced tool from Google Google. It is used to manage Linux native file system encryption. A resource management error vulnerability exists in Google fscrypt versions 0.3.0 through 0.3.2, which stems from user-supplied input that is not adequately validated. A...
Mageia: Security Advisory (MGASA-2021-0418)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-QJ26-7GRJ-WHG3 Privilege Escalation in fscrypt
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
Privilege Escalation in fscrypt
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
GO-2020-0027 Privilege escalation in github.com/google/fscrypt
After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group...
The vulnerability of the fscrypt_do_page_crypto() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the fscryptdopagecrypto function in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.5.9 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...
Privilege Escalation
github.com/google/fscrypt is vulnerable to privilege escalation. It does not correctly restore the primary and supplementary group IDs to the values associated with the root user, allowing the attacker to escalate the privileges through applications that use the Linux-PAM aka pam...
CVE-2018-6558
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
CVE-2018-6558
The vulnerability CVE-2018-6558 affects the pam_fscrypt module of fscrypt, where versions prior to 0.2.4 may incorrectly restore primary and supplementary group IDs to the values of the root user. This flaw can allow an unprivileged attacker to gain privileges through login flows used by applicat...
CVE-2018-6558
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
CVE-2018-6558
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
DEBIAN-CVE-2018-6558
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...
CVE-2018-6558
The pamfscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM aka pam...