EUVD-2005-0603

Malware in sbrugna...

EUVD-2019-14165

Malware in sbrugna...

EUVD-2005-4880

Malware in sbrugna...

SUSE CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

SUSE CVE-2005-0602

Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...

SUSE CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

Security Bulletin: IBM Storwize V7000 Unified is affected by vulnerability in GPFS (CVE-2019-4558)

Summary IBM Storwize V7000 Unified is shipped with GPFS, for which a fix is available for a security vulnerability. Vulnerability Details CVEID: CVE-2019-4558 DESCRIPTION: A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum...

Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected where the local attacker can obtain root privilege by injecting parameters into setuid files (CVE-2019-4558)

Summary The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale where one can obtain root privilege by injecting parameters into setuid files. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2019-4558 DESCRIPTION: A security vulnerability has be...

CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...

CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root. Vulnerability Details CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel File...

Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-0392)

Summary A fix is available for IBM Storwize V7000 Unified, for GPFS security vulnerabilities Vulnerability Details IBM General Parallel File System GPFS is a high-performance clustered file system. It is used in IBM Storwize V7000 Unified. CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel Fi...

Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2016-0392)

Summary A fix is available for IBM SONAS, for GPFS security vulnerability Vulnerability Details IBM General Parallel File System GPFS is a high-performance clustered file system. It is used in IBM SONAS. CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel File System could allow a local attack...

UBUNTU-CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

DEBIAN-CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation

Linux Kernel PonyOS 4.0 - fluttershy LDLIBRARYPATH Local Privilege Escalation !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...

UBUNTU-CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229...

FreeBSD : p5-File-Path -- rmtree allows creation of setuid files (13b0c8c8-bee0-11dd-a708-001fc66e7203)

Jan Lieskovsky reports : perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix. %NASLMINLEVEL 70300 C Tenable...

p5-File-Path -- rmtree allows creation of setuid files

Jan Lieskovsky reports: perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix...

DSA-1271-1 openafs - design error

Bulletin has no description...