256 matches found
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...
mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...
Moderate: Red Hat Security Advisory: rh-mysql57-mysql security update
An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...
CVE-2016-8657
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...
[SECURITY] [DLA 1435-1] dnsmasq regression update
Package : dnsmasq Version : 2.72-3+deb8u3 Debian Bug : 860064 The dns-root-data update to 2017072601deb8u2 broke dnsmasqs init script, making dnsmasq no longer start when dns-root-data was installed. This update fixes dnsmasqs parsing of dns-root-data. For Debian 8 "Jessie", this problem has been...
PostgreSQL Backlink Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A backlink vulnerability exists in the Red Hat initialization scrip...
CVE-2016-8656
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation...
jboss: jbossas writable config files allow privilege escalation
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...
jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...
[SECURITY] Fedora 27 Update: corosync-2.4.4-1.fc27
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...
mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...
Micro Focus SUSE Linux Enterprise Server Competitive Conditions Vulnerability
Micro Focus SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from Micro Focus in the UK. A competitive condition vulnerability exists in the postgresql init script in Micro Focus SUSE Linux Enterprise Server. An attacker can exploit this vulnerability t...
CVE-2017-14798
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root...
CVE-2017-14798
CVE-2017-14798 describes a race condition in the PostgreSQL init script that could allow an attacker who can access the postgres account to escalate privileges to root. Public material (including exploit code and security advisories) confirms the vulnerability path via the init script and local a...
mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...
CVE-2017-12189
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656...
CVE-2017-12189
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656...
jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...
jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...