20 matches found
EUVD-2011-2883
Malware in sbrugna...
EUVD-2006-2606
Malware in sbrugna...
CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
DEBIAN-CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
Privilege escalation
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
CVE-2006-3378
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits...
CVE-2013-6825
1 movescu.cc and 2 storescp.cc in dcmnet/apps/, 3 dcmnet/libsrc/scp.cc, 4 dcmwlm/libsrc/wlmactmg.cc, 5 dcmprscp.cc and 6 dcmpsrcv.cc in dcmpstat/apps/, 7 dcmpstat/tests/msgserv.cc, and 8 dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call,...
DEBIAN-CVE-2008-0008
The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...
Ubuntu 5.04 / 5.10 / 6.06 LTS : shadow vulnerability (USN-308-1)
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
Beast privilege escalation
Unchecked result of setuid call can be exploited by user with exhausting system resources...
Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)
A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue...
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass
-------------------------------------------------------------------------- Debian Security Advisory DSA 1217-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 20th, 2006 http://www.debian.org/security/faq -...
DSA-1106 ppp - programming error
Bulletin has no description...
CVE-2006-3378
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits...
SUSE-SA:2006:027: cron
The remote host is missing the patch for the advisory SUSE-SA:2006:027 cron. Vixie Cron is the default CRON daemon in all SUSE Linux based distributions. The code in docommand.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
Deserialization of untrusted data
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...