IBM DB2 10.5 < Fix Pack 8 / 11.x < 11.1 Multiple Vulnerabilities

Binary data 9590.prm...

CVE-2016-7543

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...

gnutls -- file overwrite by setuid programs

gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access etcshadow)

Linux Kernel Ubuntu 14.04.3 - perfeventopen Can Race with execve Access etcshadow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. perfeventopen associates with a task as...

Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/

Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. perfeventopen associates with a task as follows:...

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation Vulnerability

It has been identified that binaries that are executed with elevated privileges SetGID and SetUID programs in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected. Vulnerability title:...

AIX 7.1 TL 2 : malloc (IV62807)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AIX 6.1 TL 9 : malloc (IV60935)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

QNX RTOS 4.25/6.1 su Password Hash Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4914/info It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is...

AIX 7.1 TL 2 : malloc (IV61314)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

CVE-2014-3977 - Privilege Escalation in IBM AIX

Vulnerability title: Privilege Escalation in IBM AIX CVE: CVE-2014-3977 Vendor: IBM Product: AIX Affected version: 6.1.8 and later Fixed version: N/A Reported by: Tim Brown Details: It has been identified that libodm allows privilege escalation via arbitrary file writes with elevated privileges...

Updated libcap-ng packages fix CVE-2014-3215

Updated libcap-ng packages fix security vulnerability: capnglock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

Code injection

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

DEBIAN-CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVE-2012-4425

The CVE affects spice-gtk (and possibly other products) where libgio is used in setuid/privileged contexts. The root cause is inadequate sanitization of the DBUS_SYSTEM_BUS_ADDRESS environment variable, enabling a local attacker to gain escalated privileges and execute arbitrary code. Evidence in...

dbus: privilege escalation when libdbus is used in setuid/setgid application

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be...

Information disclosure

The C handler plug-in in Automatic Bug Reporting Tool ABRT, possibly 2.0.8 and earlier, does not properly set the group GID permissions on core dump files for setuid programs when the sysctl fs.suiddumpable option is set to 2, which allows local users to obtain sensitive information...