5 matches found
lighttpd < 1.4.34 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities: - When Server Name Indication (SNI) is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including we...
USN-2222-1 mod-wsgi vulnerabilities
Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use...
UBUNTU-CVE-2014-0470
super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack...
USN-308-1: shadow vulnerability
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
screen 3.9.5 root vulnerability
PROBLEM DESCRIPTION: A vulnerability exists in the program "screen" version 3.9.5 and earlier. If screen is installed setuid root, a local user may gain root privilege. There are many systems where the program isn't setuid root by default, but on many systems afaik at least SuSE Linux, Red Hat 5.2...