CVE-2011-2910

The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...

CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...

ntfs-3g: heap-based buffer overflow leads to local root privilege escalation

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...

ntfs-3g: heap-based buffer overflow leads to local root privilege escalation

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...

Design/Logic Flaw

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...

CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...

CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...

PT-2019-4758 · Python +2 · Pam-Python +2

Name of the Vulnerable Software and Affected Versions: pam-python versions prior to 1.0.7-1 Description: The issue is related to insecure privilege management in the pam-python PAM module, which allows an attacker to escalate privileges using a specially crafted binary file with the setuid flag...

Semmle: Privilege escalation in workers container

Summary about the bugs: In the prepare step, semmle allows user to install new package. By upload a malicious package along with source code and force server to build this package, attacker will gain root access to the container Steps: 1. Create a malicious package contains the backdoor: I use th...

CVE-2019-4447

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpumdebug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a...

CVE-2019-4448

CVE-2019-4448 affects IBM DB2 High Performance Unload (HPU) load for LUW. The vulnerable binaries db2hpum and db2hpum_debug are setuid root and provide built-in options to load arbitrary libraries from a privileged context, enabling a low-privilege user to execute arbitrary code with root authori...

PT-2019-17087 · Ibm +1 · Ibm Db2 High Performance Unload +1

Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload load for LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 Description: The issue concerns a setuid root binary db2hpum debug that trusts the PATH environment variable. A...

ktsuss suid Privilege Escalation

This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges prior to executing user specified commands, resulting in command execution with root privileges. This module has been test...

NewStart CGSL MAIN 4.05 : bash Multiple Vulnerabilities (NS-SA-2019-0108)

The remote NewStart CGSL host, running version MAIN 4.05, has bash packages installed that are affected by multiple vulnerabilities: - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of...

Buffer Overflows And Privilege Escalation

libguestfs-winsupport is vulnerable to heap-based buffer overflow. An attacker can run /bin/ntfs-3g with a malicious file, even causing local access escalation attack if the /bin/ntfs-3g is a setuid-root binary...

ntfs-3g: heap-based buffer overflow leads to local root privilege escalation

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...

ASAN / SUID - Local Privilege Escalation Exploit

Exploit for multiple platform in category local exploits !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload ...

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...