FreeBSD : FreeBSD -- Flaw in Linuxulator execution of setugid binaries (fa5289e4-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa5289e4-6473-11f1-958d-bc241121aa0a advisory. The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID...

EUVD-2003-0354

Malware in sbrugna...

Unsafe behavior in setuid/setgid binaries in runtime

...

AZL-52789 CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

DEBIAN-CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

AZL-37368 CVE-2023-29403 affecting package golang for versions less than 1.21.6-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

UBUNTU-CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled.

...

Denial Of Service (DoS)

glibc is vulnerable to privilege escalation. It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LDAUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

These new kernel packages contain fixes for the security issues described below : - a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN netwo...

Debian: Security Advisory (DSA-430)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-316-1 : nethack - buffer overflow, incorrect permissions

The nethack and slashem packages are vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where nethack is installed. Additionally, some setgid binaries in the nethack package have incorrect...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

DEBIAN-CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

DSA-316 nethack - buffer overflow, incorrect permissions

Bulletin has no description...

Fixed local AIX V43 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Just for the record, here are some local AIX vulnerabilities we have found, and which have been fixed by IBM this year. If you have been applying fixes, there should be no problem with these anymore. But it might be interesting to know what some of those massive...