289 matches found
Code injection
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...
CVE-2017-13130
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...
CVE-2017-13130
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...
OracleVM 3.3 : glibc (OVMSA-2014-0017)
The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, - Don't use alloca in addgetnetgrentX 1087789. - Adjust...
Compaq/Hewlett Packard Glance 11.00 Privilege Escalation Vulnerability
It has been identified that binaries that are executed with elevated privileges SetGID and SetUID programs in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected. Vulnerability title:...
Compaq/Hewlett Packard Glance 11.00 Privilege Escalation
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux CVE: CVE-2014-2630 Vendor: Compaq/Hewlett Packard Product: Glance for Linux Affected version: 11.00 and subsequent Fixed version: HPSBMU03086 rev.3 Reported by: Tim...
Linux dynamic link library contains the vulnerability-vulnerability warning-the black bar safety net
Description Nebula is the one for Linux. the right to exploit exercises virtual machine,the first 1 5 off Level15 provides such a vulnerability of the program flag15 ! Find the link named libc. so. 6 dynamic link libraries,but the/var/tmp directory for the current userlevel15can be written,it...
PyPAM - Python bindings for PAM - Double Free Corruption
No description provided by source. === LSE Leading Security Experts - Security Advisory 2012-03-01 === PyPAM -- Python bindings for PAM - Double Free Corruption --------------------------------------------------------- Affected Versions ================= PyPAM = 0.4.2 Red Hat PyPAM = 0.5.0-12...
CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 CVE: CVE-2014-0907 Vendor: IBM Product: DB2 Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5 Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a Reported by: Tim Brown Details: It ha...
CVE-2014-2591
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting...
Design/Logic Flaw
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting...
CVE-2014-2591
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting...
CVE-2014-2591
CVE-2014-2591 affects BMC Patrol for AIX 3.9.00 and is caused by an incorrect RPATH setting that enables untrusted search path exploitation. This allows local users to gain privileges by loading a crafted library. The vulnerability is a local privilege escalation risk due to insecure runtime libr...
CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux CVE: CVE-2013-6216 Vendor: HP Product: HP Array Configuration...
BMC Patrol For AIX Insecure RPATH Use
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in BMC Patrol for AIX CVE: CVE-2014-2591 Vendor: BMC Product: Patrol for AIX Affected version: 3.9.00 Fixed version: N/A Reported by: Tim Brown Details: It has been identified that binaries that are executed...
HP Insecure RPATH Use
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux CVE: CVE-2013-6216 Vendor: HP Product: HP Array Configuration...
libiodbc rpath vulnerability
Unsafe rpath vulnerability in test applications...
[slackware-security] llvm (SSA:2013-350-03)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security llvm SSA:2013-350-03 New llvm packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
llvm unsafe rpath
rpath is set to /tmp...
[slackware-security] llvm
New llvm packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/llvm-3.3-i486-3slack14.1.txz: Rebuilt. The LLVM package included binaries with an rpath pointing to the build location in /tmp...