739 matches found

Exploit DB
added 2016/11/22 12:0 a.m. · 86 views

Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation

Source: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Introduction Problem description: Linux user namespace allows to mount file systems as normal user, including the overlayfs. As many of those features were not designed with namespaces in mind, this...

7.4 AI score
Exploits 0

Tenable Nessus
added 2016/11/17 12:0 a.m. · 35 views

GLSA-201611-10 : libuv: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201611-10 libuv: Privilege escalation It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that...

10 CVSS · 8 AI score · 0.01586 EPSS
Exploits 0 · References 2

CNVD
added 2016/10/18 12:0 a.m. · 1 views

Linux kernel elevation of privilege vulnerability (CNVD-2016-09544)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the file system implementation in versions of Linux kernel prior to 4.8.2, which stems from a program incorrectly saving the setgid bit duri...

4.4 CVSS · 7.4 AI score · 0.00053 EPSS
Exploits 0 · References 1

OSV
added 2016/10/16 9:59 p.m. · 1 views

DEBIAN-CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4 CVSS · 5.9 AI score · 0.00053 EPSS
Exploits 0 · References 1

OSV
added 2016/10/16 9:59 p.m. · 7 views

CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4 CVSS · 5.8 AI score
Exploits 0 · References 17

NVD
added 2016/10/16 9:59 p.m. · 17 views

CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4 CVSS · 5 AI score · 0.00053 EPSS
Exploits 0 · References 17

Prion
added 2016/10/16 9:59 p.m. · 28 views

Design/Logic Flaw

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

3.6 CVSS · 6.9 AI score · 0.00053 EPSS
Exploits 0 · References 17 · Affected Software 1

CVE
added 2016/10/16 9:0 p.m. · 190 views

CVE-2016-7097

CVE-2016-7097 is a Linux kernel vulnerability in which the setgid bit was not cleared during setxattr, allowing local users to gain group privileges if a setgid executable exists with restricted execute permissions. The issue is reported across the Linux filesystem/ACL handling and was addressed ...

4.4 CVSS · 6 AI score · 0.00053 EPSS
Exploits 0 · References 17 · Affected Software 1

Debian CVE
added 2016/10/16 9:0 p.m. · 49 views

CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4 CVSS · 6.7 AI score · 0.00053 EPSS
Exploits 0

OSV
added 2016/10/16 12:0 a.m. · 1 views

UBUNTU-CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4 CVSS · 6.7 AI score · 0.00053 EPSS
Exploits 0 · References 15

Positive Technologies
added 2016/10/16 12:0 a.m. · 5 views

PT-2016-7214 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.8.2 Description: The issue concerns the filesystem implementation in the Linux kernel, which preserves the setgid bit during a setxattr call. This allows local users to gain group privileges by leveraging the...

10 CVSS · 7.4 AI score · 0.93929 EPSS
Exploits 222 · References 825

Prion
added 2016/10/01 1:59 a.m. · 14 views

Design/Logic Flaw

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program...

6.9 CVSS · 6.8 AI score · 0.00064 EPSS
Exploits 0 · References 7 · Affected Software 2

CNVD
added 2016/09/22 12:0 a.m. · 2 views

Multiple IBM DB2 Products Local Lift Vulnerabilities

IBM DB2 is a relational database management system from IBM in the United States. Multiple IBM DB2 products fail to properly validate input prior to loading into the library, allowing a local attacker to exploit the vulnerability to gain root privileges by constructing malicious libraries in a...

7.3 CVSS · 6.7 AI score · 0.00064 EPSS
Exploits 0 · References 1

exploitpack
added 2016/07/04 12:0 a.m. · 26 views

Exim 4 (Debian 8 Ubuntu 16.04) - Spool Privilege Escalation

Exim 4 Debian 8 Ubuntu 16.04 - Spool Privilege Escalation / -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello List, This is just a minor issue in Exim, no replies so far, so publication should be OK. Introduction: ============ Exim4 in some variants is started as root but switches to uid/gid...

1.1 AI score
Exploits 0

exploitpack
added 2016/05/19 12:0 a.m. · 20 views

4digits 1.1.4 - Local Buffer Overflow (PoC)

4digits 1.1.4 - Local Buffer Overflow PoC 4digits 1.1.4 Local Buffer Overflow Privilege Escalation if setuid/setgid Discovered by NA, NA at tutanota.com Downloaded and tested upon Kali Linux Vendor has been notified. Description ------------- 4digits is a guess-the-number puzzle game. It's also...

0.3 AI score
Exploits 0

CNVD
added 2016/05/03 12:0 a.m. · 6 views

Linux kernel privilege acquisition vulnerability (CNVD-2016-02786)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. aufs is one of the federated file system modules. A privilege-acquisition vulnerability exists in the aufs module of Linux kernel versions 3.x and 4.x. The vulnerability stems...

7.8 CVSS · 6.6 AI score · 0.00348 EPSS
Exploits 3 · References 1

NVD
added 2016/05/02 10:59 a.m. · 26 views

CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.8 CVSS · 7.5 AI score · 0.00348 EPSS
Exploits 3 · References 4

OSV
added 2016/05/02 10:59 a.m. · 2 views

DEBIAN-CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.8 CVSS · 6.6 AI score · 0.00348 EPSS
Exploits 3 · References 1

UbuntuCve
added 2016/05/02 10:59 a.m. · 31 views

CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.8 CVSS · 6.8 AI score · 0.00348 EPSS
Exploits 3 · References 4

Cvelist
added 2016/05/02 10:0 a.m. · 27 views

CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.4 AI score · 0.00348 EPSS
Exploits 3 · References 4