631 matches found
USN-2933-1 exim4 vulnerabilities
It was discovered that Exim incorrectly filtered environment variables when used with the perlstartup configuration option. If the perlstartup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean th...
libuser: multiple issues
CVE-2015-3245 denial of service It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system...
FreeBSD : security/ossec-hids-* -- root escalation via syscheck feature (c470db07-1098-11e5-b6a8-002590263bf5)
OSSEC reports : The CVE-2015-3222 vulnerability, which allows for root escalation via sys check has been fixed in OSSEC 2.8.2. This issue does not affect agents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
OSSEC 2.8.1 Local Root Escalation
Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...
OSSEC 2.7 <= 2.8.1 - Local Root Escalation Vulnerability
Exploit for linux platform in category local exploits Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon th...
OSSEC 2.7 2.8.1 - diff Local Privilege Escalation
OSSEC 2.7 2.8.1 - diff Local Privilege Escalation Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon that...
OSSEC 2.7 < 2.8.1 - 'diff' Local Privilege Escalation
Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...
security/ossec-hids-* -- root escalation via syscheck feature
OSSEC reports: The CVE-2015-3222 vulnerability, which allows for root escalation via sys check has been fixed in OSSEC 2.8.2. This issue does not affect agents...
FreeBSD : security/ossec-hids-* -- root escalation via temp files (36858e78-3963-11e4-ad84-000c29f6ae42)
OSSEC reports : This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
security/ossec-hids-* -- root escalation via temp files
OSSEC reports: This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
[SECURITY] [DSA 2984-2] acpi-support regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2984-2 [email protected] http://www.debian.org/security/ Raphael Geissert August 11, 2014 http://www.debian.org/security/faq -...
DSA-2984-2 acpi-support - regression update
Bulletin has no description...
Debian DSA-2984-1 : acpi-support - security update
CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUSSESSIONBUSADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 2984-1] acpi-support security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2984-1 [email protected] http://www.debian.org/security/ Luciano Bello July 22, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2984-1 (acpi-support - security update)
CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUSSESSIONBUSADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. OpenVAS Vulnerability Test $Id: deb2984.nasl 6724 2017-07-14 09:57:17Z teissa $...
DSA-2984-1 acpi-support - security update
Bulletin has no description...
Debian: Security Advisory (DSA-2984-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ContentKeeper Web Remote Command Execution
No description provided by source. $Id: contentkeeperwebmimencode.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
This Metasploit module abuses a command injection on the clearkeys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection...