3 matches found
CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...
capsh: does not chdir after chroot
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors...
pound remotely exploitable vulnerability
An unknown remotely exploitable vulnerability was disclosed. Robert Segall writes: a security vulnerability was brought to my attention many thanks to Akira Higuchi. Everyone running any previous version should upgrade to 1.6 immediately - the vulnerability may allow a remote exploit. No exploits...