CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

Arbitrary Code Execution

glibc is vulnerable to arbitary code execution.It is possible because LDPREFERMAP32BITEXEC doe not ignore in setuid binaries...

RHEL 7 : glibc (RHSA-2020:3861)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3861 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache...

glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

Low: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Huawei EulerOS: Security Advisory for bubblewrap (EulerOS-SA-2020-1838)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : bubblewrap (EulerOS-SA-2020-1838)

According to the version of the bubblewrap package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns...

GLSA-202008-09 : Shadow: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-202008-09 Shadow: Privilege escalation When Shadow was installed with the PAM use flag, setuid binaries provided by Shadow were not properly restricted. Impact : A local attacker could escalate privileges to root. Workaround : The...

Shadow: Privilege escalation

Background Shadow is a set of tools to deal with user accounts. Description When Shadow was installed with the PAM use flag, setuid binaries provided by Shadow were not properly restricted. Impact A local attacker could escalate privileges to root. Workaround There is no known workaround at this...

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled.

...

Firejail OS Command Injection Vulnerability

Firejail is a SUID sandboxing program written in C. A security vulnerability exists in Firejail 0.9.62 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary commands...

DEBIAN-CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

ALPINE-CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

UBUNTU-CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

Integer overflow

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2020-14976

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context...

CVE-2020-14976

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context...