142 matches found
[SECURITY] [DLA 707-1] sudo security update
Package : sudo Version : 1.8.5p2-1+nmu3+deb7u2 CVE ID : CVE-2016-7032 CVE-2016-7076 Debian Bug : 842507 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user supplied argument. A...
DLA-707-1 sudo - security update
Bulletin has no description...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...
CVE-2016-7032
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute...
CVE-2016-7076
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
Script execution on Linux target fails with “Permission Denied” even when executed as root.
Challenge When interacting with Linux servers, Veeam Backup & Replication may encounter a "Permission Denied" error during script execution Pre-freeze, post-thaw, and repository data mover agent scripts, even when the account being used is the root user. Cause All script files are uploaded to and...
Linux 3.17 noexec Bypass with Python ctypes and memfd_create Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Linux = 3.17 noexec bypass with python ctypes and memfdcreate Date: 2015.10.14 Exploit Author: soyer Version: linux = 3.17 Tested on: Ubuntu 15.04 x8664 usage: $ ls -la execfile -rwxr-xr-x 1 soyer soyer 8600 Oct 14 15:04 execfil...
Linux Kernel 3.17 - Python ctypes and memfd_create noexec File Security Bypass
Linux Kernel 3.17 - Python ctypes and memfdcreate noexec File Security Bypass Exploit Title: Linux = 3.17 noexec bypass with python ctypes and memfdcreate Date: 2015.10.14 Exploit Author: soyer Version: linux = 3.17 Tested on: Ubuntu 15.04 x8664 usage: $ ls -la execfile -rwxr-xr-x 1 soyer soyer...
Linux Kernel 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass
Exploit Title: Linux = 3.17 noexec bypass with python ctypes and memfdcreate Date: 2015.10.14 Exploit Author: soyer Version: linux = 3.17 Tested on: Ubuntu 15.04 x8664 usage: $ ls -la execfile -rwxr-xr-x 1 soyer soyer 8600 Oct 14 15:04 execfile $ ./execfile bash: ./execfile: Permission denied $...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
Input validation
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
DEBIAN-CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...
chkrootkit 0.49 - Local Root Vulnerability
No description provided by source. We just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations /tmp not mounted noexec. The vulnerability is located in the function slapper in the shellscript chkrootkit:...
Solaris 2.6/7.0 /locale Subsystem Format String
No description provided by source. / source: http://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Fedora 19 : chkrootkit-0.49-9.fc19 (2014-7090)
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Note that Tenable Network Security has...
chkrootkit LTS security update
Package : chkrootkit Version : 0.49-4+deb6u1 CVE ID : CVE-2014-0476 Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
UBUNTU-CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...