739 matches found
Design/Logic Flaw
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
CVE-2010-3316
CVE-2010-3316 affects the pam_xauth module of Linux-PAM before 1.1.2. The issue is in pam_xauth.c: the run_coprocess function does not validate the return values of setuid, setgid, and setgroups, which may allow a local attacker to read arbitrary files by exploiting the pam_xauth PAM check. The c...
CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
pam: pam_xauth missing return value checks from setuid() and similar calls
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Czesc, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...
NetBSD Larn 'Games'组本地特权提升漏洞
Bugtraq ID: 44293 NetBSD是一款基于BSD的操作系统。 当game从setuid更改为setgid时larn没有进行更新-把用户IDs替代为组IDs,这意味着当试图下降到低特权级别时,没有任何事情发生。因此game一直以game组权限运行,并可以games组权限进行各种如写或保存文件操作。 保存文件可写入/var/games可覆盖或破坏属于其他游戏的文件。 NetBSD 4.0 厂商解决方案 已经修补的源文件可从NetBSD CVS库中获得: CVS branch file revision ------------- ----------------...
glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
RedHat Update for glibc RHSA-2010:0787-01
Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2010:0787-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2010:0787 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
GNU C library dynamic linker - '$ORIGIN' Expansion
from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is...
CentOS 4 : rpm (CESA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
CentOS Update for popt CESA-2010:0678 centos4 i386
Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0678 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for popt CESA-2010:0678 centos4 i386
Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0678 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for rpm RHSA-2010:0678-01
Check for the Version of rpm OpenVAS Vulnerability Test RedHat Update for rpm RHSA-2010:0678-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
popt, rpm security update
CentOS Errata and Security Advisory CESA-2010:0678 Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
RHEL 4 : rpm (RHSA-2010:0678)
Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...