
3209 matches found

NVD
added 2011/07/07 9:55 p.m. · 12 views

CVE-2011-1946

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of thes...

7.2 CVSS · 6.5 AI score · 0.00047 EPSS
Exploits 0 · References 5

UbuntuCve
added 2011/07/07 9:55 p.m. · 15 views

CVE-2011-1946

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of thes...

7.2 CVSS · 5.9 AI score · 0.00047 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2011/07/01 12:0 a.m. · 24 views

SuSE 11.1 Security Update : libgnomesu (SAT Patch Number 4805)

The libgnomesu pam backend did not check the return value of the setuid functions. Local users could exploit that to gain root privileges (CVE-2011-1946). Note: this is just a re-release of the previous update to fix a regression unrelated to the security issue.

7.2 CVSS · 5.4 AI score · 0.00047 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2011/06/30 12:0 a.m. · 38 views

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7568)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed: - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system cra...

9.8 CVSS · 7 AI score · 0.15086 EPSS
Exploits 16 · References 38

Tenable Nessus
added 2011/06/28 12:0 a.m. · 43 views

SuSE 10 Security Update : glibc (ZYPP Patch Number 7575)

The following bugs have been fixed: - Specially crafted input to the fnmatch function could cause an integer overflow (CVE-2011-1071). - The output of the 'locale' command was not properly quoted (CVE-2011-1095). - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setu...

6.9 CVSS · 6.5 AI score · 0.06775 EPSS
Exploits 21 · References 6

OSV
added 2011/05/31 8:55 p.m. · 1 views

DEBIAN-CVE-2011-1485

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID...

6.9 CVSS · 6.9 AI score · 0.05537 EPSS
Exploits 17 · References 1

Cvelist
added 2011/05/31 8:0 p.m. · 27 views

CVE-2011-1485

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID...

6.4 AI score · 0.05537 EPSS
Exploits 17 · References 10

0day.today
added 2011/05/29 12:0 a.m. · 20 views

FreeBSD/x86 encrypted setuid(0) execve /bin/sh 51 bytes

Title: 51 bytes FreeBSD/x86 encrypted setuid(0) execve /bin/sh. Date: Sun May 29 08:07:11 UTC 2011. Author: mywisdom [email protected]. Web: devilzc0de.org. Gopher: gopher://sdf.org/1/users/wisdomc0. Blog: http://myw1sd0m.blogspot.com/. Tested on: FreeBSD 8.2-RELEASE i386. special thanks to...

7.4 AI score
Exploits 0

seebug.org
added 2011/05/13 12:0 a.m. · 14 views

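Nagios XI 'reset_configs-perms.c' Local Privilege Escalation Vulnerability

Bugtraq ID: 47827. Nagios is a monitoring system that tracks system operating status and network information. Nagios 'reset_configs-perms.c' does not correctly validate the return value of the call to the 'setuid' function; a local attacker can exploit the vulnerability to gain root privileges. 0 Nagios XI. Vendor solution: no detailed solution is currently available: http://www.nagios.org/ rootbsd laptop:$ id uid=1001rootbsd gid=1001rootbsd groupes=1001rootbsd rootbsd laptop:$ ls -l...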

6.9 AI score
Exploits 0

UbuntuCve
added 2011/04/19 12:0 a.m. · 22 views

CVE-2011-1485

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID...

6.9 CVSS · 6.7 AI score · 0.05537 EPSS
Exploits 17 · References 2

Prion
added 2011/04/08 3:17 p.m. · 29 views

Design/Logic Flaw

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...

3.7 CVSS · 6.8 AI score · 0.12375 EPSS
Exploits 20 · References 6 · Affected Software 1

Cvelist
added 2011/04/08 3:0 p.m. · 26 views

CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO)...

8.4 AI score · 0.0039 EPSS
Exploits 19 · References 18

UbuntuCve
added 2011/04/08 12:0 a.m. · 29 views

CVE-2011-1658

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...

3.7 CVSS · 6.4 AI score · 0.00119 EPSS
Exploits 19 · References 2

OpenVAS
added 2011/04/06 12:0 a.m. · 59 views

RedHat Update for glibc RHSA-2011:0412-01

The remote host is missing an update for the...

7.2 CVSS · 8.8 AI score · 0.12375 EPSS
Exploits 23 · References 2

RedHat Linux
added 2011/04/04 9:10 p.m. · 3 views

policycoreutils: insecure temporary directory handling in seunshare

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...

6.9 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 4

RedHat Linux
added 2011/04/04 8:17 p.m. · 2 views

glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...

6.9 CVSS · 6.2 AI score · 0.12375 EPSS
Exploits 20 · References 4

RedHat Linux
added 2011/04/04 8:17 p.m. · 1 views

glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO)...

6.9 CVSS · 6.2 AI score · 0.12375 EPSS
Exploits 20 · References 4

RedHat Linux
added 2011/04/04 8:1 p.m. · 2 views

glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO)...

6.9 CVSS · 6.2 AI score · 0.12375 EPSS
Exploits 20 · References 4

Positive Technologies
added 2011/04/04 12:0 a.m. · 1 views

PT-2011-1194 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.15-r3; GNU C Library (glibc) versions 2.5-49.el5_5.6; GNU C Library (glibc) versions 2.12-1.7.el6_0.3. Description: The issue concerns multiple vulnerabilities in the glibc package, which can lead to breaches of...

7.2 CVSS · 6 AI score · 0.06775 EPSS
Exploits 23 · References 106

CERT
added 2011/04/04 12:0 a.m. · 24 views

pWhois Layer Four Traceroute 3.x vulnerability

Overview: Given a specific set of command line arguments, Layer Four Traceroute (lft) will produce a segmentation fault leading to a possible privilege escalation vulnerability. Description: pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier version...

7.2 CVSS · 6.2 AI score · 0.00075 EPSS
Exploits 0 · References 1