AIX 6.1 TL 2 : libc (IZ50121)

There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...

AIX 6.1 TL 0 : libc (IZ50139)

There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...

AIX 5.3 TL 7 : libc (IZ50517)

There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...

SuSE 11.1 / 11.2 Security Update : zypper (SAT Patch Numbers 6527 / 6528)

The following issue has been fixed : - The zypper setuid wrapper linked against libzypp. This is not needed and added unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

RHEL 4 : kernel (RHSA-2009:1077)

Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the cor...

AIX 5.3 TL 7 : at (IZ43454)

The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following file is vulnerable : /usr/bin/at. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the...

AIX 5.2 TL 0 : at (IZ43452)

The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following file is vulnerable : /usr/bin/at. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the...

RHEL 5 : kernel (RHSA-2010:0079)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel...

Design/Logic Flaw

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file...

CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file...

[USN-1576-1] DBus vulnerability

========================================================================== Ubuntu Security Notice USN-1576-1 September 20, 2012 dbus vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

GLSA-201209-22 : libgssglue: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201209-22 libgssglue: Privilege escalation libgssglue does not securely use getenv when loading a library for a setuid application. Impact : A local attacker could gain escalated privileges. Workaround : There is no known workarou...

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dbus vulnerability (USN-1576-1)

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges. Note that Tenable Network Security has extracted the preceding description block...

Code injection

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

DEBIAN-CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

CVE-2012-4425

The CVE affects spice-gtk (and possibly other products) where libgio is used in setuid/privileged contexts. The root cause is inadequate sanitization of the DBUS_SYSTEM_BUS_ADDRESS environment variable, enabling a local attacker to gain escalated privileges and execute arbitrary code. Evidence in...

CVE-2012-3524

CVE-2012-3524 affects libdbus 1.5.x and earlier when used in setuid/privileged programs; it permits local privilege escalation via the DBUS_SYSTEM_BUS_ADDRESS environment variable. Mitigation per the advisories is that the vulnerability lies in applications that fail to cleanse environment variab...