2272 matches found
CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
CVE-2017-14159
CVE-2017-14159 affects slapd in OpenLDAP 2.4.45 and earlier: a PID file is created after dropping privileges to a non-root account, which may allow local users to kill arbitrary processes by modifying the PID file before a root script executes a kill cat /pathname command, as demonstrated by open...
CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
CVE-2017-14102
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as...
DEBIAN-CVE-2017-14102
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as...
CVE-2017-14102
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as...
Debian DLA-1069-1 : tenshi security update
Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a 'kill cat /pathname/tenshi.pid' command. For Debian...
[SECURITY] [DLA 1069-1] tenshi security update
Package : tenshi Version : 0.13-2+deb7u1 CVE ID : CVE-2017-11746 Debian Bug : 871321 Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modificatio...
Nagios Core Denial of Service Vulnerability
Nagios Core is an open source, free network monitoring tool. A denial of service vulnerability exists in Nagios Core versions prior to 4.3.3. A local attacker can exploit the vulnerability to terminate arbitrary processes...
UnrealIRCd Local Elevation of Privilege Vulnerability
UnrealIRCd is an open source IRC server developed by the UnrealIRCd project team. A security vulnerability exists in UnrealIRCd 4.0.13 and earlier versions. A local attacker can exploit the vulnerability to terminate arbitrary processes...
CVE-2017-12847
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...
Command injection
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...
UBUNTU-CVE-2017-12847
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...
Command injection
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...
CVE-2017-12847
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...
CVE-2017-12847
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...
CVE-2017-13649
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...
Design/Logic Flaw
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...
CVE-2017-8257
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...