14 matches found
EUVD-2020-7689
Malware in sbrugna...
EUVD-2019-6713
Malware in sbrugna...
CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate...
CVE-2020-15702 TOCTOU in apport
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate...
CVE-2020-15702
CVE-2020-15702 describes a TOCTOU race condition in the Apport component of Ubuntu. The vulnerability allows a local attacker to escalate privileges and potentially execute arbitrary code by exploiting PID recycling after a crash, enabling a root process to inherit the crashed process’ PID. Affec...
PT-2020-3489 · Canonical +1 · Apport +2
Name of the Vulnerable Software and Affected Versions: apport versions prior to 2.20.1-0ubuntu2.24 apport versions 2.20.9 prior to 2.20.9-0ubuntu7.16 apport versions 2.20.11 prior to 2.20.11-0ubuntu27.6 Description: The issue exists due to insufficient checking of a shared resource's state in the...
Memory corruption
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...
CVE-2019-15790
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...
UBUNTU-CVE-2019-15790
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...
PT-2019-4765 · Canonical · Apport +1
Name of the Vulnerable Software and Affected Versions: Apport versions prior to 2.20.11-0ubuntu16 Apport versions prior to 2.20.11-0ubuntu8.6 Apport versions prior to 2.20.9-0ubuntu7.12 Apport versions prior to 2.20.1-0ubuntu2.22 Apport versions prior to 2.14.1-0ubuntu3.29+esm3 Description: The...
Oracle Linux 4 : bash (ELSA-2011-0261)
From Red Hat Security Advisory 2011:0261 : Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base...
Scientific Linux Security Update : bash on SL4.x i386/x86_64
It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts...
RHEL 4 : bash (RHSA-2011:0261)
Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
Low: Red Hat Security Advisory: bash security and bug fix update
Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...