10 matches found
Symlink Attack
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Symlink Attack via the DataDump.add process. An attacker can gain ownership of arbitrary directories and their contents by creating a symlink within their own directory that points to...
EUVD-2020-24211
Malware in sbrugna...
CVE-2025-46810
A flaw was found in the traefik2 package of OpenSUSE and its derived distributions. This issue occurs due to an insecure chown call in the %post section of the traefik2 package, allowing the traefik user to obtain ownership of arbitrary files on the system when the traefik2 package is reinstalled...
CVE-2024-9902 Ansible-core: ansible-core user may read/write unauthorized content
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
CVE-2020-36770
pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...
SUSE CVE-2015-5228
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path...
CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
SUSE-SU-2021:2280-1 Security update for permissions
This update for permissions fixes the following issues: - Fork package for 12-SP5 bsc1155939 - make btmp root:utmp bsc1050467, bsc1182899 - pcp: remove no longer needed / conflicting entries bsc1171883. Fixes a potential security issue. - do not follow symlinks that are the final path element...
CVE-2021-23240
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
abrt: abrt-dbus does not guard against crafted problem directory path arguments
It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and...