
3209 matches found

Prion
added 2007/12/13 6:46 p.m. · 14 views

Default configuration

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server...

CVSS 6.9 · AI score 6.3 · EPSS 0.00045
Exploits: 1 · References: 14 · Affected Software: 1

OSV
added 2007/12/13 6:46 p.m. · 5 views

CVE-2007-5964

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server...

AI score 6.4
Exploits: 0 · References: 14

Cvelist
added 2007/12/13 6:0 p.m. · 30 views

CVE-2007-5964

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server...

AI score 6.2 · EPSS 0.00045
Exploits: 1 · References: 14

Tenable Nessus
added 2007/12/13 12:0 a.m. · 21 views

SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)

Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access. (CVE-2006-3083) We are not affected by the seteuid problems, tracked by CVE-2006-3084...

CVSS 7.2 · AI score 8 · EPSS 0.00407
Exploits: 0 · References: 4

NVD
added 2007/12/04 1:46 a.m. · 10 views

CVE-2007-6211

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L output log file option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...

CVSS 7.2 · AI score 6.5 · EPSS 0.00216
Exploits: 1 · References: 6

UbuntuCve
added 2007/12/04 1:46 a.m. · 13 views

CVE-2007-6211

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L output log file option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...

CVSS 7.2 · AI score 6 · EPSS 0.00216
Exploits: 1 · References: 1

Prion
added 2007/12/04 1:46 a.m. · 9 views

Spoofing

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L output log file option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...

CVSS 7.2 · AI score 7 · EPSS 0.00216
Exploits: 1 · References: 6 · Affected Software: 1

RedHat Linux
added 2007/12/03 3:26 p.m. · 3 views

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG)...

CVSS 1.9 · AI score 5.8 · EPSS 0.00086
Exploits: 0 · References: 4

Prion
added 2007/11/20 8:46 p.m. · 20 views

Code injection

Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact...

CVSS 7.2 · AI score 6.3 · EPSS 0.00048
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2007/11/15 1:46 a.m. · 13 views

CVE-2007-3749

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...

CVSS 7.8 · AI score 7.4 · EPSS 0.00147
Exploits: 1 · References: 8

Prion
added 2007/11/15 1:46 a.m. · 16 views

Code injection

The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."...

CVSS 7.2 · AI score 6.2 · EPSS 0.00054
Exploits: 1 · References: 8 · Affected Software: 2

Prion
added 2007/11/15 1:46 a.m. · 15 views

Code injection

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...

CVSS 7.2 · AI score 7.1 · EPSS 0.00147
Exploits: 1 · References: 8 · Affected Software: 1

Cvelist
added 2007/11/15 1:0 a.m. · 21 views

CVE-2007-3749

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...

AI score 7.5 · EPSS 0.00147
Exploits: 1 · References: 8

CVE
added 2007/11/15 1:0 a.m. · 51 views

CVE-2007-4685

CVE-2007-4685 affects Apple Mac OS X 10.4–10.4.10. Local users can gain privileges by executing setuid/setgid programs whose stdio/stderr/stdout descriptors are in an unexpected state. The issue is mitigated by upgrading to Mac OS X 10.4.11 (Security Update 2007-008) as released by Apple; patch d...

CVSS 7.2 · AI score 7.1 · EPSS 0.00054
Exploits: 1 · References: 8 · Affected Software: 2

Positive Technologies
added 2007/11/15 12:0 a.m. · 3 views

PT-2007-4990 · Apple · Macos X

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4 through 10.4.10
Description: The issue allows local users to execute arbitrary code by creating a port before launching a setuid program, then writing to the address space of the setuid process. This is due to the...

CVSS 7.8 · AI score 7.5 · EPSS 0.00147
Exploits: 1 · References: 10

Tenable Nessus
added 2007/11/10 12:0 a.m. · 39 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)

Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid to fail via resource starvation. In that situation, the tools wil...

CVSS 7.2 · AI score 7.9 · EPSS 0.00407
Exploits: 0 · References: 3

Tenable Nessus
added 2007/11/10 12:0 a.m. · 21 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : shadow vulnerability (USN-308-1)

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...

CVSS 7.2 · AI score 5.6 · EPSS 0.00056
Exploits: 0 · References: 2

Tenable Nessus
added 2007/11/10 12:0 a.m. · 30 views

Ubuntu 6.06 LTS : mysql-dfsg-5.0 vulnerabilities (USN-338-1)

Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions' definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the...

CVSS 6.5 · AI score 8.8 · EPSS 0.13143
Exploits: 2 · References: 3

Tenable Nessus
added 2007/11/10 12:0 a.m. · 38 views

Ubuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-509-1)

A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104) A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional...

CVSS 6 · AI score 6.1 · EPSS 0.00156
Exploits: 0 · References: 7

Tenable Nessus
added 2007/11/10 12:0 a.m. · 268 views

Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-508-1)

A buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. (CVE-2005-0504) A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a...

CVSS 7.8 · AI score 6.5 · EPSS 0.33385
Exploits: 0 · References: 7