10 matches found
EUVD-1999-1394
Malware in sbrugna...
exec: Fix ToCToU between perm check and set-uid/gid usage
...
CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...
kernel: security regression for CVE-2018-13405
A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...
Linux systemd Symlink Dereference Via chown_one() Exploit
Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...
Mandrake Linux Security Advisory : dump (MDKSA-2000:007)
Dump may cause security problem due to a buffer overflow. This package removes the set gid root on the dump exec file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security Advisory MDKSA-2000:007. T...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
CVE-1999-1413
Solaris 2.4 before patching, prior to the kernel jumbo patch -35, is vulnerable. Set-gid programs can dump core even if the real user is not in the set-gid group, enabling local privilege escalation through a core dump (e.g., via dmesg). The connected documents confirm the vulnerability details; ...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...