135 matches found
Updated systemd packages fix security vulnerability
In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, unti...
CVE-2015-2553
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges ...
CVE-2015-2553
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges ...
CVE-2015-2553
CVE-2015-2553 affects the Windows kernel’s handling of mountpoint creation for reparse points, enabling local privilege escalation via sandboxed environments on Windows Vista/7/8/8.1/10 and corresponding server editions. Public writeups describe bypasses of the mitigation introduced by MS15-111 (...
DEBIAN-CVE-2014-5045
The mountpointlast function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service memory consumption or use-after-free ...
unbreakable enterprise kernel security update
kernel-uek 2.6.32-400.36.3uek - fix autofs/afs/etc. magic mountpoint breakage Al Viro Orabug: 19028505 CVE-2014-0203 - SELinux: Fix kernel BUG on empty security contexts. Stephen Smalley Orabug: 19028381 CVE-2014-1874 - floppy: don't write kernel-only members to FDRAWCMD ioctl output Matthew Dale...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted iCalendar file to the calendar application, the 2 dir or 3 file parameter to apps/filespdfviewer/viewer.php, or the 4 mountpoint parameter...
CVE-2013-0298
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted iCalendar file to the calendar application, the 2 dir or 3 file parameter to apps/filespdfviewer/viewer.php, or the 4 mountpoint parameter...
udisk buffer overflow
Buffer overflow on oversized mountpoint filname...
CVE-2011-1832
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
DEBIAN-CVE-2011-1832
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
CVE-2011-1831
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call...
CVE-2011-1832
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
Design/Logic Flaw
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call...
Information disclosure
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
CVE-2011-1832
CVE-2011-1832 affects ecryptfs-utils prior to version 90. A race condition in mount.ecryptfs_private’s mountpoint permission check could allow a local user to remove directories via an unmount call. The issue stems from inadequate validation before unmount/mount operations, enabling potential man...
CVE-2011-1832
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
CVE-2011-1832
utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call...
quota security and bug fix update
1:3.13-8.0.1 - Add ocfs2 support Orabug: 14208111 1:3.13-8 - Fix CVE-2012-3417 incorrect use of tcpwrappers Resolves: 841448 1:3.13-7 - Fix parsing numeric arguments of setquota Resolves: 831520 1:3.13-6 - Do not use real domains in warnquota example Resolves: 680429 - Use /proc/mounts for...
mount-cifs: Multiple vulnerabilites
Background mount-cifs is the cifs filesystem mount helper split from Samba. Description Multiple vulnerabilities have been discovered in mount-cifs. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow local users to cause a denial of service mtab...