3209 matches found
systemd DynamicUser SetUID Binary Creation
systemd: DynamicUser can create setuid binaries when assisted by another process Related CVE Numbers: CVE-2019-3844. I am sending this bug report to Ubuntu as requested by systemd at . This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another...
CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
DEBIAN-CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
Race condition
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
UBUNTU-CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
CVE-2019-3901
CVE-2019-3901 describes a race condition in perf_event_open() that can leak data from setuid processes. The root cause is that cred_guard_mutex is not held during the ptrace_may_access() check, allowing a target task to execve() with setuid execution before perf_event_alloc() attaches, bypassing ...
CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
CVE-2019-3901
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
OPENSUSE-SU-2019:1227-1 Security update for lxc, lxcfs
This update for lxc, lxcfs to version 3.1.0 fixes the following issues: Security issues fixed: - CVE-2019-5736: Fixed a container breakout vulnerability boo1122185. - CVE-2018-6556: Enable setuid bit on lxc-user-nic boo988348. Non-security issues fixed: - Update to LXC 3.1.0. The changelog is far...
Security update for lxc, lxcfs (important)
openSUSE Security Update: Security update for lxc, lxcfs Announcement ID: openSUSE-SU-2019:1227-1 Rating: important References: 1122185 1131762 988348 Cross-References: CVE-2018-6556 CVE-2019-5736 Affected Products: openSUSE Backports SLE-15 An update that solves two vulnerabilities and has one...
Race condition
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
DEBIAN-CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
DEBIAN-CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
CVE-2019-11191
The CVE-2019-11191 entry describes a local ASLR bypass in the Linux kernel (up to 5.0.7) when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded. The vulnerability arises because install_exec_creds() is invoked too late in load_aout_binary() (fs/binfmt_aout.c), creating a race in ptrace_may_acce...