19 matches found
EUVD-2006-5282
Malware in sbrugna...
CVE-2025-0913
CVE-2025-0913 : The Go standard library change fixes a mismatch in behavior of os.OpenFile with O_CREATE|O_EXCL when the path is a dangling symlink. Previously Unix vs Windows differed; now the operation returns an error if both flags are set and the target is a symlink. This vulnerability is rat...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libqb Vulnerability (NS-SA-2020-0057)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libqb packages installed that are affected by a vulnerability: - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without...
Open redirect
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the OEXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by...
EulerOS 2.0 SP8 : libqb (EulerOS-SA-2020-1863)
According to the version of the libqb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /t...
libqb security update
1.0.1-9 Also add OEXCL to logblackbox.c when creating files Resolves: rhbz1714853 1.0.1-8 Improve socket security Resolves: rhbz1714853...
Arbitrary File Overwrite
libqb is vulnerable to arbitrary file overwrite. An attacker is able to overwrite arbitrary files via a symlink attack due to the usage of predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
Design/Logic Flaw
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
CVE-2009-2695 kernel: SELinux and mmapminaddr CVE-2009-3228 kernel: tc: uninitialised kernel memory leak CVE-2009-3286 kernel: OEXCL creates on NFSv4 are broken CVE-2009-2908 kernel ecryptfs NULL pointer dereference CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larg...
kernel security and bug fix update
2.6.18-164.6.1.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina yang orabug 69930...
Linux Kernel O_EXCL NFSv4本地权限提升漏洞
BUGTRAQ ID: 36472 CVE ID: CVE-2009-3286 Linux Kernel是开放源码操作系统Linux所使用的内核。 当OEXCL创建文件失败时,Linux Kernel的NFSv4没有正确地清除inode。这导致以不安全的设置(如setuid位)创建文件,本地用户可以通过执行doopenpermission函数获得权限提升。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/linus/af85852d...
CVE-2006-6304
The docoredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to OEXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump...
CVE-2006-6304
The docoredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to OEXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump...
CVE-2006-5297
CVE-2006-5297 affects mutt up to 1.5.12, describing a race condition in safe_open when creating temporary files on NFS. The underlying issue is the NFS limitation with O_EXCL, allowing a local attacker to overwrite files. Connected advisories across Red Hat, Ubuntu, Canonical/Sec advisories docum...
Tripwire temporary files
------------------------------------------------------------ Insecure temporary files in Tripwire [email protected] $Date: 2001/07/09 05:02:02 $ ------------------------------------------------------------ Author: Jarno Huuskonen [email protected] Discovered: Tue 16 Jan 2001 Vendor...