3209 matches found
CVE-2019-18276
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
Bash 5.0 Patch 11 Privilege Escalation
Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Date : 2019-11-29 Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat E...
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include include include void attributec...
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Date : 2019-11-29 Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include...
Design/Logic Flaw
An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems th...
CVE-2019-18276
CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...
GNU Mailutils 3.7 - Privilege Escalation Exploit
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
GNU Mailutils 3.7 - Privilege Escalation
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
GNU Mailutils 3.7 - Privilege Escalation
GNU Mailutils 3.7 - Privilege Escalation Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo...
CVE-2019-19126
A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...
GNU C Library ASLR Bypass Vulnerability
The GNU C Library glibc is an open-source, free, easy-to-download C compiler released under the LGPL license. An ASLR bypass vulnerability exists in GNU C Library glibc versions prior to 2.31 on the x86-64 architecture. The vulnerability stems from GNU C Library failing to ignore the...
DEBIAN-CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
UBUNTU-CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
Code injection
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
DEBIAN-CVE-2011-2910
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...
Privilege escalation
The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...