Lucene search
K

135 matches found

RedHat Linux
RedHat Linux
added 2012/02/13 8:30 p.m.2 views

glibc: Improper encoding of names with certain special character in utilities for writing to mtab table

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS6.1AI score0.00592EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2012/01/17 12:0 a.m.23 views

OverlayFS inode Security Checks - 'inode.c' Local Security Bypass

source: https://www.securityfocus.com/bid/51529/info OverlayFS is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. !/bin/bash ddir=cat /proc/self/mountinfo | grep cgroup | grep devices | awk ' print ...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/01/12 12:0 a.m.28 views

Debian DSA-2382-1 : ecryptfs-utils - multiple vulnerabilities

Several problems have been discovered in eCryptfs, a cryptographic filesystem for Linux. - CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary...

9.8CVSS7.2AI score0.0098EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2011/10/14 12:0 a.m.44 views

Mandriva Update for samba MDVSA-2011:148 (samba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

3.3CVSS7.7AI score0.00531EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2011/09/07 12:0 a.m.43 views

Fedora 16 : ecryptfs-utils-90-1.fc16 (2011-10671)

privilege escalation via mountpoint race conditions CVE-2011-1831, CVE-2011-1832 - race condition when checking source during mount CVE-2011-1833 - mtab corruption via improper handling CVE-2011-1834 - key poisoning via insecure temp directory handling CVE-2011-1835 - information disclosure via...

4.6CVSS8.4AI score0.00382EPSS
Exploits2References7
OSV
OSV
added 2011/09/06 4:55 p.m.2 views

DEBIAN-CVE-2011-2724

The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

1.2CVSS6.4AI score0.00431EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2011/08/31 7:34 p.m.3 views

ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information

utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...

2.1CVSS7.3AI score0.00382EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/08/29 5:25 p.m.6 views

cifs-utils: mount.cifs incorrect fix for CVE-2010-0547

The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

2.1CVSS7.1AI score0.00488EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/08/29 5:19 p.m.6 views

samba: mount.cifs improper device name and mountpoint strings sanitization

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

2.1CVSS7.1AI score0.00488EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2011/08/10 12:0 a.m.40 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : ecryptfs-utils vulnerabilities (USN-1188-1)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1831 Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs...

4.6CVSS8.4AI score0.00382EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2011/08/09 12:0 a.m.30 views

CVE-2011-1832

utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...

2.1CVSS7.2AI score0.00382EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2011/07/20 6:16 p.m.6 views

fuse: unprivileged user can unmount arbitrary locations via symlink attack

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789...

5.8CVSS5.9AI score0.09848EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/04/04 8:1 p.m.6 views

glibc: Improper encoding of names with certain special character in utilities for writing to mtab table

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS6.1AI score0.00592EPSS
Exploits1References4
OSV
OSV
added 2010/06/01 8:30 p.m.1 views

DEBIAN-CVE-2010-0296

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS4.5AI score0.00592EPSS
Exploits1References1
NVD
NVD
added 2010/06/01 8:30 p.m.23 views

CVE-2010-0296

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS7.7AI score0.00592EPSS
Exploits1References22
Prion
Prion
added 2010/06/01 8:30 p.m.33 views

Memory corruption

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS6.9AI score0.00592EPSS
Exploits1References22Affected Software1
CVE
CVE
added 2010/06/01 8:0 p.m.109 views

CVE-2010-0296

CVE-2010-0296 concerns the GNU C Library (glibc) up to version 2.11.1. The encode_name macro in misc/mntent_r.c fails to handle newline characters in mountpoint names, used by ncpmount and mount.cifs, leading to potential mtab corruption and, via crafted mount requests, local privilege elevation....

7.2CVSS7.6AI score0.00592EPSS
Exploits1References22Affected Software1
Debian CVE
Debian CVE
added 2010/06/01 8:0 p.m.43 views

CVE-2010-0296

The encodename macro in misc/mntentr.c in the GNU C Library aka glibc or libc6 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service mtab corruption, or possibly modify mount...

7.2CVSS4.7AI score0.00592EPSS
Exploits1
OpenVAS
OpenVAS
added 2010/05/17 12:0 a.m.28 views

Mandriva Update for samba MDVSA-2010:090-1 (samba)

Check for the Version of samba OpenVAS Vulnerability Test Mandriva Update for samba MDVSA-2010:090-1 samba Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

4.4CVSS5.4AI score0.00522EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/05/17 12:0 a.m.26 views

Mandriva Update for samba MDVSA-2010:090-1 (samba)

Check for the Version of samba OpenVAS Vulnerability Test Mandriva Update for samba MDVSA-2010:090-1 samba Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

4.4CVSS5.8AI score0.00522EPSS
Exploits1References2
Rows per page
Query Builder