
3212 matches found

Tenable Nessus | added 2012/09/06 12:0 a.m. | 27 views

Mandrake Linux Security Advisory : glibc (MDKSA-2000:040)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be...

CVSS 7.2 | AI score 5.5 | EPSS 0.00306 | Exploits 1 | References 1

Tenable Nessus | added 2012/09/06 12:0 a.m. | 21 views

Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)

A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be...

CVSS 7.2 | AI score 5.7 | EPSS 0.00306 | Exploits 1 | References 1

Tenable Nessus | added 2012/08/01 12:0 a.m. | 46 views

Scientific Linux Security Update : kernel on SL3.x i386/x86_64

CVE-2008-5029 kernel: Unix sockets kernel panic; CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector; CVE-2009-1337 kernel: exit_notify: kill the wrong capable(CAP_KILL) check; CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service; CVE-2009-1895 kernel: personality: fix...

CVSS 7.8 | AI score 6.6 | EPSS 0.13893 | Exploits 24 | References 15

Tenable Nessus | added 2012/08/01 12:0 a.m. | 38 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This update fixes the following security issues : - a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS...

CVSS 4.9 | AI score 5.6 | EPSS 0.00259 | Exploits 2 | References 21

Tenable Nessus | added 2012/08/01 12:0 a.m. | 30 views

Scientific Linux Security Update : rpm on SL4.x i386/x86_64

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading or removing packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set,...

CVSS 7.2 | AI score 7.2 | EPSS 0.00047 | Exploits 0 | References 3

Tenable Nessus | added 2012/08/01 12:0 a.m. | 82 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) - Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This...

CVSS 7.1 | AI score 5.9 | EPSS 0.113 | Exploits 5 | References 9

Tenable Nessus | added 2012/08/01 12:0 a.m. | 32 views

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

These new kernel packages contain fixes for the security issues described below : - a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN netwo...

CVSS 6.9 | AI score 5.6 | EPSS 0.00156 | Exploits 0 | References 3

Tenable Nessus | added 2012/08/01 12:0 a.m. | 27 views

Scientific Linux Security Update : rpm on SL5.x i386/x86_64

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the...

CVSS 7.2 | AI score 7.2 | EPSS 0.00046 | Exploits 0 | References 3

OpenVAS | added 2012/07/30 12:0 a.m. | 35 views

CentOS Update for glibc CESA-2011:0412 centos5 x86_64

Check for the Version of glibc OpenVAS Vulnerability Test CentOS Update for glibc CESA-2011:0412 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 7.2 | AI score 8.2 | EPSS 0.12375 | Exploits 23 | References 2

OpenVAS | added 2012/07/30 12:0 a.m. | 43 views

CentOS Update for samba3x CESA-2011:1220 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8 | AI score 7.4 | EPSS 0.17507 | Exploits 9 | References 2

Packet Storm | added 2012/07/19 12:0 a.m. | 30 views

Setuid Nmap Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

AI score 0.3 | Exploits 0

Prion | added 2012/07/03 4:40 p.m. | 12 views

Information disclosure

The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information...

CVSS 1.9 | AI score 6.4 | EPSS 0.00047 | Exploits 1 | References 4 | Affected Software 1

exploitpack | added 2012/07/02 12:0 a.m. | 24 views

python-wrapper - Untrusted Search Path/Code Execution

python-wrapper - Untrusted Search Path/Code Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root...

AI score 0.3 | Exploits 0

Packet Storm | added 2012/07/02 12:0 a.m. | 26 views

Python-wrapper Untrusted Search Path / Code Execution

python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from withi...

AI score 0.1 | Exploits 0

RedHat Linux | added 2012/06/19 3:24 p.m. | 0 views

abrt: Setuid process core dump archived with unsafe GID permissions

The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information...

CVSS 1.9 | AI score 7.1 | EPSS 0.00047 | Exploits 1 | References 4

Metasploit | added 2012/06/13 5:58 a.m. | 78 views

Setuid Nmap Exploit

Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This module abuse...

AI score 0.2 | Exploits 0

ThreatPost | added 2012/05/21 4:48 p.m. | 11 views

Root Access Vulnerability on ZTE Android Device

Certain Android devices manufactured by the China-based ZTE Corporation contain a poorly protected setuid shell that can be used to gain root-access to vulnerable devices, according to Lookout Mobile Security. Any attacker who successfully exploits the vulnerability will have complete control of...

AI score 2.4 | Exploits 0 | References 1

Tenable Nessus | added 2012/05/17 12:0 a.m. | 62 views

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)

This kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. (CVE-2007-2242) The default is that RH0 is disabled now. To...

CVSS 7.8 | AI score 6.2 | EPSS 0.32129 | Exploits 1 | References 18

Packet Storm | added 2012/04/25 12:0 a.m. | 17 views

mount.cifs chdir() File Identification

Blueliv Advisory 2012-004 - Discovered by: Jesus Olmos Gonzalez at Blueliv - Risk: 5/5 - Impact: 1/5 1. VULNERABILITY ------------------------- linux privileged and arbitrary chdir, this leads to an arbitrary file identification as root. 2. BACKGROUND ------------------------- mount.cifs GNU...

AI score 7.4 | Exploits 0

RedHat Linux | added 2012/02/15 12:34 a.m. | 2 views

kernel: no access restrictions of /proc/pid/* after setuid program exec

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

CVSS 4.6 | AI score 7.3 | EPSS 0.00245 | Exploits 3 | References 4