142 matches found
[SECURITY] [DSA 2945-1] chkrootkit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2945-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 03, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2945-1 (chkrootkit - security update)
Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option. OpenVAS Vulnerability Test $Id: deb2945.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2945-1...
initramfs-tools未明安全漏洞
Bugtraq ID:66414 initramfs-tools是一款linux下生成initramfs的工具。 initramfs-tools没有用noexec选项不正确安装/run,可导致不明漏洞。 0 initramfs-tools Ubuntu linux用户可参考如下厂商提供的安全公告获得补丁信息: http://www.ubuntu.com/usn/usn-2153-1/...
initramfs-tools weak permissions
/run is mounted withour noexec option...
Ubuntu: Security Advisory (USN-2153-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2153-1: initramfs-tools vulnerability
Kees Cook discovered that initramfs-tools incorrectly mounted /run without the noexec option, contrary to expected behaviour...
Samba trans2open Overflow (*BSD x86)
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. This module requires Metasploit: https://metasploit.com/download Current source:...
Samba trans2open Overflow (Solaris SPARC)
$Id: trans2open.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
httpd: AllowOverride Options=IncludesNoExec allows Options Includes
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
httpd: AllowOverride Options=IncludesNoExec allows Options Includes
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
Solaris locale Format Strings (noexec stack) Exploit
No description provided by source. / exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it wont work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks...
[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1111-1 [email protected] http://www.debian.org/security/ Dann Frazier Jul 16th, 2006 http://www.debian.org/security/faq -...
CVE-2003-0335
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec...
Solaris locale Format Strings (noexec stack) Exploit
Exploit for solaris platform in category local exploits ==================================================== Solaris locale Format Strings noexec stack Exploit ==================================================== / exploit for locale subsystem format strings bug In Solaris with noexec stack. Test...
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow
/ exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it wont work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks for Ivan Arce who found this bug...
Solaris 2.67.0 - locale Format Strings noexec stack Overflow
Solaris 2.67.0 - locale Format Strings noexec stack Overflow / exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it wont work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e...
CVE-1999-0422
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set...
CVE-1999-0422
The CVE-1999-0422 issue affects NetBSD 1.3.3 where the mount functionality allows local users to execute programs in file systems that have the noexec flag set. Root cause is a problem in mount; impact is local execution of potentially untrusted code within those noexec file systems. Public recor...
netbsd.noexec.txt
Date: Thu, 18 Mar 1999 21:27:39 +1100 From: matthew green To: [email protected] Subject: NetBSD Security Advisory 1999-007 -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 1999-007 ================================= Topic: noexec mount flag is not properly handled by non-root mount...
CVE-1999-0422
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set...