3209 matches found
kernel: O_EXCL creates on NFSv4 are broken
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
kernel: /proc/$pid/maps visible during initial setuid ELF loading
The mmformaps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read 1 maps and 2 smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition...
How to find unix broiler-vulnerability warning-the black bar safety net
Why that is I and the x-laser together with looking for broiler? Because all our operations are all in the 3 3 8 9 broiler on. First of all, we are on to the same terminal, premise:the terminal is open,rather than doing it on your own,so that only the Terminal Services Manager can be usedand then...
samba security update
CentOS Errata and Security Advisory CESA-2009:1529 Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Samba is a suite of programs use...
Samba setuid mount.cifs信息泄露漏洞
BUGTRAQ ID: 36572 CVE ID: CVE-2009-2948 Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。 mount.cifs程序允许用户通过不同的方式传送凭据文件的名称或包含有口令的文件。如果安装为setuid程序,mount.cifs没有判断试图访问该文件的用户是否拥有root用户权限。远程攻击者可以通过使用--verbose或-v选项,向mount.cifs传送凭据文件,然后读取所传送口令的第一行。 Samba Samba 3.4 Samba Samba 3.3 Samba Samba 3...
Samba < 3.0.37 / 3.2.15 / 3.3.8 / 3.4.2 Multiple Vulnerabilities
Binary data 5194.prm...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard...
CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
Information disclosure by setuid mount.cifs
Description The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges...
openssh: possible privilege escalation when using ChrootDirectory setting
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
SuSE9 Security Update : arts (YOU Patch Number 11075)
The KDE soundserver aRts lacked checks around some setuid calls. This could be used by a local attacker to gain root privileges. CVE-2006-2916 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
SuSE9 Security Update : heimdal (YOU Patch Number 11192)
This update fixes a security problem in heimdal tools, if installed setuid. Missing setuid return checking might be used by local users to escalate their privileges to root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
Linux Kernel O_EXCL NFSv4本地权限提升漏洞
BUGTRAQ ID: 36472 CVE ID: CVE-2009-3286 Linux Kernel是开放源码操作系统Linux所使用的内核。 当OEXCL创建文件失败时,Linux Kernel的NFSv4没有正确地清除inode。这导致以不安全的设置(如setuid位)创建文件,本地用户可以通过执行doopenpermission函数获得权限提升。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/linus/af85852d...
CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 21st July 2010 Added links to KBase articles expanding on three...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
IBM AIX 5.66.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.66.1 - LIBINITDBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...