Lucene search

48 matches found

Oracle linux
added 2013/03/04 12:0 a.m. | 61 views

openssl security update

1.0.0-27.2 - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set fixes CVE-2012-4929 857051 - use securegetenv everywhere inste...

CVSS 5 | AI score 2.3 | EPSS 0.35584
Exploits 2

Tenable Nessus
added 2012/09/28 12:0 a.m. | 17 views

GLSA-201209-22 : libgssglue: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201209-22 (libgssglue: Privilege escalation). libgssglue does not securely use getenv when loading a library for a setuid application. Impact: A local attacker could gain escalated privileges. Workaround: There is no known workarou...

CVSS 6.2 | AI score 5.4 | EPSS 0.0044
Exploits 0 | References 2

Tenable Nessus
added 2011/12/13 12:0 a.m. | 11 views

SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7541)

This update fixes insecure getenv usage, which could be used under some circumstances by local attackers to gain root privileges.

AI score 5.4
Exploits 0

Tenable Nessus
added 2011/06/27 12:0 a.m. | 7 views

SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7544)

This update fixes insecure getenv usage, which could be used under some circumstances by local attackers to gain root privileges.

AI score 5.4
Exploits 0

Tenable Nessus
added 2010/06/03 12:0 a.m. | 35 views

FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)

Todd Miller reports: Most versions of the C library function getenv return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell bash, do their own environment parsing and may choose the last instance of a variable rather than the...

CVSS 6.2 | AI score 5.5 | EPSS 0.00457
Exploits 1 | References 3

FreeBSD
added 2010/06/02 12:0 a.m. | 21 views

sudo -- Secure path vulnerability

Todd Miller reports: Most versions of the C library function getenv return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell bash, do their own environment parsing and may choose the last instance of a variable rather than the...

CVSS 6.2 | AI score 6.5 | EPSS 0.00457
Exploits 1 | References 1

UbuntuCve
added 2005/11/20 9:3 p.m. | 42 views

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVSS 7.2 | AI score 6.3 | EPSS 0.00847
Exploits 0 | References 1

NVD
added 2005/11/20 9:3 p.m. | 33 views

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVSS 7.2 | AI score 6.7 | EPSS 0.00847
Exploits 0 | References 9