3209 matches found
CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
CVE-2019-11190
CVE-2019-11190 affects the Linux kernel prior to 4.8. Local users could bypass ASLR on setuid programs (e.g., /bin/su) due to install_exec_creds() being invoked late in load_elf_binary() in fs/binfmt_elf.c, creating a race in ptrace_may_access() when reading /proc/pid/stat. Connected advisories (...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
UBUNTU-CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
UBUNTU-CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...
openSUSE Security Update : spice-gtk (openSUSE-2019-693)
This update for spice-gtk fixes the following issues : Security issues fixed : - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed : - Add setuid bit to spice-client-glib-usb-acl-helpe...
UBUNTU-CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In...
PT-2019-5360 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.0.7 Description: The issue allows local users to bypass ASLR on setuid a.out programs because install exec creds is called too late in load aout binary in fs/binfmt aout.c, and thus the ptrace may access check...
AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the...
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AddressSanitizer ASan SUID Executable Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems usi...
ASLR Bypass
kernel-rt is vulnerable to ASLR bypass attacks. The vulnerability exists as the archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the...
Authorization Bypass
hplip is vulnerable to authorization bypass. The checkpermissionv1 function in base/pkit.py does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec...
Authorization Bypass
spice-gtk is vulnerable to authorization bypass. The communication to polkit for authorization via an API call is vulnerable to a race condition in setuid or pkexec process, which allows a local user to bypass access restrictions...
Privilege Escalation
polkit is vulnerable to privilege escalation. A race condition in the PolicyKit pkcheck utility when the process is specified by its process ID via the --process option, allows a local user to bypass intended authorization and escalate their privileges by starting a setuid or pkexec process befor...
Authorization Bypass
kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists as the Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access...
xorg-x11-server Local Privilege Escalation
!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation
xorg-x11-server 1.20.3 Solaris 11 - inittab Local Privilege Escalation !/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...