
3209 matches found

Cvelist
added 2020/05/09 8:16 p.m., 18 views

CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

AI score: 5, EPSS: 0.00126
Exploits: 0, References: 4
AlpineLinux
added 2020/05/09 8:16 p.m., 35 views

CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

CVSS: 4.4, AI score: 5.1, EPSS: 0.00126
Exploits: 0
Tenable Nessus
added 2020/04/29 12:0 a.m., 223 views

RHEL 8 : glibc (RHSA-2020:1828)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1828 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache...

CVSS: 3.3, AI score: 6.5, EPSS: 0.00015
Exploits: 0, References: 30
RedHat Linux
added 2020/04/28 3:53 p.m., 2 views

glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

CVSS: 3.3, AI score: 7, EPSS: 0.00015
Exploits: 0, References: 4
0day.today
added 2020/04/18 12:0 a.m., 65 views

Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow Vulnerability

A difficult to exploit stack-based buffer overflow in the DtCreateDtDirs function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 Update 11 and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges...

CVSS: 7.8, AI score: 0.6, EPSS: 0.00143
Exploits: 3
Packet Storm
added 2020/04/17 12:0 a.m., 142 views

Oracle Solaris 11.x / 10 whodo / w Buffer Overflow

@Mediaservice.net Security Advisory 2020-07 last updated on 2020-04-15 Title: Heap-based buffer overflow in Solaris whodo and w commands Application: Setuid root whodo and w binaries distributed with Solaris Platforms: Oracle Solaris 11.x confirmed on 11.4 X86 Oracle Solaris 10 confirmed on 10 1/...

CVSS: 1.2, AI score: 0.7, EPSS: 0.00143
Exploits: 3
Exploit DB
added 2020/04/16 12:0 a.m., 182 views

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Fusion USB Arbitrator Setuid Privilege Escalation', 'Description' = %q This exploits an improper use of setuid binaries within VMware Fusi...

CVSS: 7.8, AI score: 7.4, EPSS: 0.16073
Exploits: 10
Tenable Nessus
added 2020/04/15 12:0 a.m., 59 views

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-1388)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by...

CVSS: 7.5, AI score: 6.8, EPSS: 0.02309
Exploits: 2, References: 5
RedhatCVE
added 2020/04/13 9:5 p.m., 26 views

CVE-2020-5291

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

CVSS: 8.5, AI score: 4, EPSS: 0.00177
Exploits: 0, References: 3
Veracode
added 2020/04/10 1:2 a.m., 15 views

Arbitrary Code Execution

policycoreutils is vulnerable to arbitrary code execution. The vulnerability exists as it was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. A local user could use this flaw to overwrite fil...

CVSS: 6.9, AI score: 3.3, EPSS: 0.00044
Exploits: 0, References: 18, Affected Software: 1
Veracode
added 2020/04/10 1:2 a.m., 40 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. It was found that the fix for CVE-2010-0547, provided by the Samba rebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab...

CVSS: 2.1, AI score: 1.8, EPSS: 0.01967
Exploits: 1, References: 12, Affected Software: 3
Veracode
added 2020/04/10 1:1 a.m., 34 views

Insecure Resource Limit Verification

samba does not properly verify resource limits. It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cif...

CVSS: 3.3, AI score: 1.7, EPSS: 0.00694
Exploits: 2, References: 21, Affected Software: 3
Veracode
added 2020/04/10 12:55 a.m., 37 views

Privilege Escalation

glibc is vulnerable to privilege escalation. A local user is able to gain privileges by creating a hard link in an arbitrary directory to a setuid program...

CVSS: 3.7, AI score: 2.4, EPSS: 0.00119
Exploits: 19, References: 8, Affected Software: 1
Veracode
added 2020/04/10 12:55 a.m., 22 views

Privilege Escalation

glibc is vulnerable to privilege escalation. The fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their...

CVSS: 6.9, AI score: 2.7, EPSS: 0.12375
Exploits: 20, References: 23, Affected Software: 1
Veracode
added 2020/04/10 12:55 a.m., 34 views

Privilege Escalation

glibc is vulnerable to privilege escalation. It was discovered that the glibc addmntent function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to a...

CVSS: 7.2, AI score: 6, EPSS: 0.00117
Exploits: 1, References: 25, Affected Software: 1
Veracode
added 2020/04/10 12:54 a.m., 28 views

Denial Of Service (DoS)

glibc is vulnerable to privilege escalation. It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use...

CVSS: 6.9, AI score: 2.8, EPSS: 0.12375
Exploits: 20, References: 25, Affected Software: 1
Veracode
added 2020/04/10 12:47 a.m., 26 views

Privilege Escalation

Pluggable Authentication Modules (PAM) is vulnerable to Privilege Escalation. The attack exists because pam_namespace.c in the pam_namespace module in Linux-PAM uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to...

CVSS: 6.9, AI score: 4.9, EPSS: 0.00053
Exploits: 0, References: 13, Affected Software: 1
Veracode
added 2020/04/10 12:35 a.m., 42 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack,...

CVSS: 7.2, AI score: 3.9, EPSS: 0.0006
Exploits: 1, References: 39, Affected Software: 2
Veracode
added 2020/04/10 12:18 a.m., 33 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. The vulnerability exists as a flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper...

CVSS: 7.2, AI score: 2.3, EPSS: 0.00101
Exploits: 0, References: 37, Affected Software: 1
RedhatCVE
added 2020/04/04 5:25 p.m., 27 views

CVE-2019-11191

The Linux kernel allows local users to bypass ASLR protections for setuid a.out programs when CONFIG_IA32_AOUT is enabled and ia32_aout module is loaded, because install_exec_creds is called too late in the load_aout_binary in fs/binfmt_aout.c. Due to this, the ptrace_may_access check may have a race...

CVSS: 2.5, AI score: 3.2, EPSS: 0.00009
Exploits: 1, References: 3