CVE-2016-10323

Synology Photo Station prior to version 6.3-2958 contains an elevation of privilege due to a setuid execution flaw in the command "synophoto_dsm_user --copy-no-ea", allowing local users to gain privileges. This is documented across multiple sources (CVE-2016-10323, including Red Hat and CVE recor...

Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation

Linux Kernel PonyOS 4.0 - fluttershy LDLIBRARYPATH Local Privilege Escalation !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...

Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation

!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

Debian DLA-876-1 : eject security update

Ilja Van Sprundel discovered that eject a tool to eject CD/DVD drives did not properly handle errors returned from setuid/setgid. For Debian 7 'Wheezy', this issue has been fixed in eject version 2.1.5+deb1+cvs20081104-13+deb7u1. We recommend that you upgrade your eject packages. NOTE: Tenable...

Debian DSA-3823-1 : eject - security update

Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 3823-1] eject security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3823-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DLA 876-1] eject security update

Package : eject Version : 2.1.5+deb1+cvs20081104-13+deb7u1 CVE ID : CVE-2017-6964 Debian Bug : 858872 Ilja Van Sprundel discovered that eject a tool to eject CD/DVD drives did not properly handle errors returned from setuid/setgid. For Debian 7 "Wheezy", this issue has been fixed in eject version...

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Design/Logic Flaw

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Firejail Local Elevation of Privilege Vulnerability

Firejail is a SUID program designed to reduce the risk of security violations by restricting the runtime environment of untrusted applications through the use of Linux namespaces and seccomp-bpf. Firejail suffers from a local elevation of privilege vulnerability. An attacker could exploit this...

Debian Security Advisory DSA 3823-1 (eject - security update)

Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. OpenVAS Vulnerability Test $Id: deb3823.nasl 6607 2017-07-0...

UBUNTU-CVE-2017-5899

Directory traversal vulnerability in the setuid root helper binary in S-nail later S-mailx before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. dot dot in the randstr argument...

CVE-2017-5899

Directory traversal vulnerability in the setuid root helper binary in S-nail later S-mailx before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. dot dot in the randstr argument...

UBUNTU-CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the 1 setuid or 2 setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through...

Debian: Security Advisory (DSA-3823-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

Privilege escalation

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

CVE-2017-6516

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

CVE-2017-6516

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)

Linux/x86-64 - Polymorphic Setuid0 & Execve/bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation file...