CVE-2021-43412

CVE-2021-43412 affects GNU Hurd before 0.9 (20210404-9). The issue resides in libports, which accepts fake notification messages from any client on any port, enabling a use-after-free in port handling and leading to local privilege escalation to full root access. Connections across sources (Red H...

CVE-2021-43412

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access...

CVE-2021-43412

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access...

CVE-2021-43413

The CVE-2021-43413 entry concerns GNU Hurd before 0.9 20210404-9. A single pager port is shared among all processes that mmap a file, enabling any reader to modify files they can read and thereby potentially gain full root access. Available sources (NVD/Red Hat/Debian/CNVD/CVEdoc) reiterate this ...

CVE-2021-43413

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access...

CVE-2021-43413

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access...

CVE-2021-43414

CVE-2021-43414 affects GNU Hurd prior to version 0.9 20210404-9. The issue is in the authentication protocol used by the proc server, making it vulnerable to man-in-the-middle attacks and enabling local privilege escalation to obtain full root access. The connected PT-Security entry explicitly re...

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

CVE-2021-43411

CVE-2021-43411 affects GNU Hurd up to version 0.9 20210404-9. When attempting to exec a setuid executable, a window exists where the process has new privileges but still references the old task and is reachable via the old process port, enabling full root access according to the vulnerability des...

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

Gnu Hurd 资源管理错误漏洞

Gnu Hurd is a Gnu Project replacement for the Unix kernel. Used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux, GNU Hurd has a security vulnerability that could be exploited by an attacker to...

GNU Hurd 安全漏洞

Gnu Hurd is a Gnu project replacement for the Unix kernel. A security vulnerability exists in GNU Hurd, which stems from the fact that in versions of GNU Hurd prior to 0.9 20210404-9 each person who maps a file shares a page navigation port, allowing anyone to modify any file they can read. any...

GNU Hurd 竞争条件问题漏洞

Gnu Hurd is a Gnu project replacement for the Unix kernel. It is used to implement file systems, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. A security vulnerability exists in GNU Hurd, which originated in GNU Hurd...

GNU Hurd 授权问题漏洞

Gnu Hurd is a Gnu project replacement for the Unix kernel. It is used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. GNU Hurd suffers from a security vulnerability that stems from the use of...

PT-2021-23841 · Gnu Hurd · Gnu Hurd

Name of the Vulnerable Software and Affected Versions: GNU Hurd versions prior to 0.9 20210404-9 Description: An issue in the authentication protocol used by the proc server makes it vulnerable to man-in-the-middle attacks. This can be exploited for local privilege escalation, allowing attackers ...

openSUSE 15 Security Update : binutils (openSUSE-SU-2021:3616-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3616-1 advisory. Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME fo...

SUSE SLED15: binutils / binutils-devel / binutils-devel-32bit / binutils-gold / etc (SUSE-SU-2021:3616-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3616-1 advisory. Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm...

openSUSE: Security Advisory for binutils (openSUSE-SU-2021:3616-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...