71 matches found
GLSA-201611-10 : libuv: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201611-10 libuv: Privilege escalation It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that...
FreeBSD : FreeBSD -- Linux compatibility layer setgroups(2) system call (798f63e0-600a-11e6-a6c3-14dae9d210b8)
A programming error in the Linux compatibility layer setgroups2 system call can lead to an unexpected results, such as overwriting random kernel memory contents. Impact : It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or caus...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-256)
The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. Following security bugs were fixed : - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. Following security bugs were fixed: - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux...
FreeBSD -- Linux compatibility layer setgroups(2) system call
Problem Description: A programming error in the Linux compatibility layer setgroups2 system call can lead to an unexpected results, such as overwriting random kernel memory contents. Impact: It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privileg...
openSUSE Security Update : apache2-mod_wsgi (openSUSE-2014-470)
apache2-modwsgi was updated to fix a small of-by-one error in its use of setgroups. Please see http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.h tml for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
apache2-modwsgi was updated to fix a small of-by-one error in its use of setgroups. Please see http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.h tml for more information. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currentl...
Medium: lighttpd
Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...
Debian DSA-2795-2 : lighttpd - several vulnerabilities
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
DEBIAN-CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
UBUNTU-CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
Design/Logic Flaw
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
[SECURITY] [DSA 2795-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
[SECURITY] [DSA 2795-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2795-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...