251 matches found

RedHat Linux
added 2017/12/13 5:48 p.m., 1 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.00071
Exploits 0, References 4

OSV
added 2017/11/27 3:42 p.m., 4 views

SUSE-SU-2017:3107-1 Security update for postgresql-init

This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root bsc1062722...

CVSS 7.3, AI score 7.3, EPSS 0.00813
Exploits 4, References 3

Tenable Nessus
added 2017/11/13 12:0 a.m., 20 views

GLSA-201711-11 : VDE: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201711-11 (VDE: Privilege escalation). It was discovered that Gentoo's default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe chown command which gives members from...

CVSS 10, AI score 8.5, EPSS 0.00248
Exploits 0, References 2

RedhatCVE
added 2017/11/08 1:20 p.m., 29 views

CVE-2016-10089

A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Mitigation: This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These...

CVSS 7.8, AI score 2.9, EPSS 0.00907
Exploits 5, References 2

CNVD
added 2017/09/26 12:0 a.m., 2 views

Gentoo app-admin/logstash-bin Package Privilege Gain Vulnerability

The Gentoo app-admin/logstash-bin package is a user management package from the Gentoo Foundation. A security vulnerability exists in the Gentoo app-admin/logstash-bin package in versions 5.6.x prior to 5.6.1 and versions prior to 5.5.3. A local attacker can exploit this vulnerability to gain...

CVSS 7.8, AI score 7, EPSS 0.00045
Exploits 0, References 1

OSV
added 2017/09/25 5:29 p.m., 16 views

CVE-2017-14730

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LSUSER account for creation of a hard link...

CVSS 7.8, AI score 7.1, EPSS 0.00045
Exploits 0, References 4

OSV
added 2017/09/21 11:29 p.m., 2 views

CVE-2017-14681

The daemon in P3Scan 3.0rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill cat...

CVSS 5.5, AI score 5.9, EPSS 0.00048
Exploits 0, References 1

RedHat Linux
added 2017/09/21 7:42 a.m., 3 views

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

CVSS 5.6, AI score 7.2, EPSS 0.00231
Exploits 0, References 4

Tenable Nessus
added 2017/09/18 12:0 a.m., 29 views

GLSA-201709-11 : GIMPS: Root privilege escalation

The remote host is affected by the vulnerability described in GLSA-201709-11 (GIMPS: Root privilege escalation). It was discovered that Gentoo's default GIMPS installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe chown -R command in checkconfi...

CVSS 7.3, AI score 7.4, EPSS 0.0003
Exploits 0, References 2

Gentoo Linux
added 2017/09/17 12:0 a.m., 35 views

GIMPS: Root privilege escalation

Background: GIMPS, the Great Internet Mersenne Prime Search, is software capable of finding Mersenne primes, which are used in cryptography. GIMPS is also used for hardware testing. Description: It was discovered that Gentoo’s default GIMPS installation suffered from a privilege escalation...

CVSS 7.3, AI score 7.6, EPSS 0.0003
Exploits 0

OSV
added 2017/09/01 5:29 a.m., 0 views

UBUNTU-CVE-2017-14102

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as...

CVSS 7.8, AI score 7.2, EPSS 0.00027
Exploits 0, References 4

RedHat Linux
added 2017/08/01 2:18 p.m., 1 views

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

CVSS 5.6, AI score 7.2, EPSS 0.00231
Exploits 0, References 4

OSV
added 2017/07/23 8:29 p.m., 1 views

DEBIAN-CVE-2017-11565

debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...

CVSS 7.5, AI score 7.6, EPSS 0.00207
Exploits 0, References 1

Tenable Nessus
added 2017/03/28 12:0 a.m., 36 views

openSUSE Security Update : open-vm-tools (openSUSE-2017-385)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

CVSS 6.7, AI score 6.8, EPSS 0.00066
Exploits 0, References 9

RedHat Linux
added 2017/03/22 6:1 p.m., 1 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.00071
Exploits 0, References 4

RedHat Linux
added 2017/03/22 5:52 p.m., 1 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.00071
Exploits 0, References 4

RedHat Linux
added 2017/03/22 5:51 p.m., 1 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.00071
Exploits 0, References 4

Tenable Nessus
added 2017/03/16 12:0 a.m., 28 views

SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0701-1)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

CVSS 6.7, AI score 6.9, EPSS 0.00066
Exploits 0, References 15

RedHat Linux
added 2017/03/07 7:6 p.m., 2 views

tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation

It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.22216
Exploits 8, References 5

RedHat Linux
added 2017/03/07 7:6 p.m., 1 views

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

CVSS 7.8, AI score 7.3, EPSS 0.00078
Exploits 0, References 4