UBUNTU-CVE-2016-1531

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perlstartup argument...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) regression (USN-2910-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2910-2 advisory. USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) regression (USN-2908-5)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2908-5 advisory. USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...

USN-2909-1: Linux kernel (Utopic HWE) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

USN-2909-1 linux-lts-utopic vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program...

UBUNTU-CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program...

[SECURITY] [DLA 397-1] ecryptfs-utils security update

Package : ecryptfs-utils Version : 83-4+squeeze2 CVE ID : CVE-2016-1572 Jann Horn discovered that the setuid-root mount.ecryptfsprivate helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to...

[SECURITY] [DSA 3450-1] ecryptfs-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3450-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2016 https://www.debian.org/security/faq -...

DSA-3450-1 ecryptfs-utils - security update

Bulletin has no description...

Debian Security Advisory DSA 3450-1 (ecryptfs-utils - security update)

Jann Horn discovered that the setuid-root mount.ecryptfsprivate helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges. OpenVAS Vulnerability Test $Id: deb3450.nasl 660...

Linux Kernel 4.3.3 - 'overlayfs' Privilege Escalation (2)

Exploit for linux platform in category local exploits / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall...

Amanda 3.3.1 - Local Privilege Escalation

/ AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native utilities and formats e.g. du...

CVE-2015-7362

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program...

CVE-2015-1947

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program...

Design/Logic Flaw

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program...

DeleGate 9.9.13 - Local Privilege Escalation

Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor: National Institute of Advanced Industrial Science...

DeleGate 9.9.13 - Privilege Escalation

Exploit for linux platform in category local exploits Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/...

DeleGate 9.9.13 - Local Privilege Escalation

DeleGate 9.9.13 - Local Privilege Escalation Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor:...