101 matches found
zsh security update
5.0.2-34.el77.2 - improve printing of error messages introduced by the fix of CVE-2019-20044 5.0.2-33.el77.1 - drop privileges securely when unsetting PRIVILEGED option CVE-2019-20044...
Important: Red Hat Security Advisory: zsh security update
An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2011-3350
masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...
CVE-2011-3350
masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...
Input validation
masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...
CVE-2011-3350
masqmail versions 0.2.21–0.2.30 improperly call seteuid() in src/log.c and src/masqmail.c, resulting in improper privilege dropping. Affected by this is the ability to retain elevated privileges when dropping privileges, with no remediation details provided in the supplied documents. This vulnera...
CVE-2011-3350
masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...
DEBIAN-CVE-2012-1187
Bitlbee does not drop extra group privileges correctly in unix.c...
ALPINE-CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
Code injection
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971...
CVE-2017-6972
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971...
CVE-2017-6972
CVE-2017-6972 affects AlienVault USM/OSSIM before 5.3.7 and NfSen before 1.3.8, exposing a privilege-dropping bug that causes NfSen Perl components to run as root. Public exploit references (exploit-db entries 42314, 42305/42306) describe remote command execution and potential root access when ex...
Oracle: Security Advisory (ELSA-2010-0819)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Race condition
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error...
Apple MAC OS X Install.framework runner privilege dropping vulnerability
Apple Mac OS X is a commercial operating system. The Apple Mac OS X Install.framework 'runner' setuid program fails to properly discard privileges, allowing attackers to exploit the vulnerability to run malicious applications and execute arbitrary code...
CVE-2014-8583
CVE-2014-8583 : mod_wsgi (Apache) before 4.2.4 fails to handle when it cannot drop group privileges during daemon process group creation, potentially allowing local privilege escalation via unspecified vectors. Affected software: mod_wsgi before 4.2.4. Impact: attacker could gain privileges with ...
openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)
apache2-modwsgi was updated to fix one security issue. This security issue was fixed : - Failure to handle errors when attempting to drop group privileges CVE-2014-8583. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)
Fixed bnc747657: CVE-2012-1053, CVE-2012-1054: improper privilege dropping and file handling flaws This was done by updating to the new version in stable branch. The stable branch receives only security fixes and this update does not provide any new features. - Fixed bnc755869 CVE-2012-1988:...
DEBIAN-CVE-2011-4406
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors...
Oracle Linux 3 / 4 : util-linux (ELSA-2007-0969)
From Red Hat Security Advisory 2007:0969 : Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large...