DEBIAN-CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

Code injection

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

UBUNTU-CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

CVE-2014-0470

CVE-2014-0470 affects the Super package (version 3.30.0) where the setuid() return value is not checked when the -F flag is used, enabling local privilege escalation via an RLIMIT_NPROC scenario. Root cause: failure to verify setuid() result. Public references (e.g., Debian security advisory DSA-...

CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMITNPROC attack...

Design/Logic Flaw

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux CVE: CVE-2013-6216 Vendor: HP Product: HP Array Configuration...

BMC Patrol For AIX Insecure RPATH Use

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in BMC Patrol for AIX CVE: CVE-2014-2591 Vendor: BMC Product: Patrol for AIX Affected version: 3.9.00 Fixed version: N/A Reported by: Tim Brown Details: It has been identified that binaries that are executed...

HP Insecure RPATH Use

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux CVE: CVE-2013-6216 Vendor: HP Product: HP Array Configuration...

QNX 6.4.x/6.5.x ifwatchd - Local root Exploit

Exploit for QNX platform in category local exploits !/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can launch...

QNX 6.5.0 x86 io-graphics - Local Privilege Escalation

/ QNX 6.5.0 x86 io-graphics local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficent bounds checking of the PHOTON2HOME environment variable. - vulnerable platforms: QNX...

QNX 6.x Photon Denial Of Service / File Overwrite

QNX 6.x Photon denial of service vulnerability by cenobyte 2013 - vulnerability description: QNX setuid root /usr/photon/bin/Photon allows users to create new servers with arbitrary filenames registered with the -N parameter. Photon does not check whether files exist and/or the owner of the ile i...

QNX 6.5.0 x86 io-graphics - Local root Exploit

Exploit for QNX platform in category local exploits / QNX 6.5.0 x86 io-graphics local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficent bounds checking of the PHOTON2HOME...

QNX 6.5.0 x86 phfont - Local Privilege Escalation

/ QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficent bounds checking of the PHOTONHOME environment variable. - vulnerable platforms: QNX 6.5.0SP1 QNX...

QNX 6.x phgrafx File Enumeration

QNX 6.x phgrafx file enumeration vulnerability by cenobyte 2013 - vulnerability description: QNX setuid root /usr/photon/bin/phgrafx allows any non-root user to enumerate files and directories due to opendir messages. - vulnerable platforms: QNX 6.5.0SP1 QNX 6.5.0 QNX 6.4.1 QNX 6.3.0 QNX 6.2.0 -...

QNX 6.4.x6.5.x pppoectl - Information Disclosure

QNX 6.4.x6.5.x pppoectl - Information Disclosure QNX 6.4.x/6.5.x pppoectl disclose /etc/shadow by cenobyte 2013 - vulnerability description: QNX setuid root /sbin/pppoectl allows any user to gain access to privileged information such as the root password hash. The vulnerability exists because of ...