2 matches found
SUSE CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
UBUNTU-CVE-2017-6964
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...