3 matches found
CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
PT-2026-50619
Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...
Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)
Garth Mollett discovered that a file descriptor overflow issue in the use of FDSET in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that...