9 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001533)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001533 advisory. A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an...
EUVD-2007-6695
Malware in sbrugna...
CVE-2007-6733
The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...
Debian dla-3782 : bsdutils - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3782 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3782-1 [email protected]...
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape b...
CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
AZL-37146 CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
BSDi 3.04.0 - rcvtty[mh] Local Privilege Escalation
BSDi 3.04.0 - rcvttymh Local Privilege Escalation / BSDi3.0/4.0rcvttymh local exploit, by [email protected]. this exploit is for the rcvtty of the mh package, which is setgid=4tty on BSDi. this exploit gives you egid/group=4tty access. example: -------------------------------------------------...