Moderate: Red Hat Security Advisory: pam security, bug fix, and enhancement update

Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system...

Fedora 7 : fuse-2.7.0-5.fc7 / ntfs-3g-1.913-2.fc7 (2007-2295)

It was discovered that members of the group fuse can get access to devices which they normally should not have access to. For ntfs-3g mounts, this was because /sbin/mount.ntfs-3g was setuid root. This update fixes /sbin/mount.ntfs-3g so that it is no longer has the setuid bit enabled. The fuse...

macnav-escalate.txt

Text from URL: http://blog.carrel.org/2007/11/security-advisory-norton-antivirus-for.html == Synopsis == Symantec's Norton AntiVirus for Macintosh NAV contains a vulnerability that can lead to local privilege escalation from group admin to root the super-user without any of the usual password...

CVE-2002-2396

Buffer overflow in Advanced TFTP atftp 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option...

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

CVE-2002-2334

CVE-2002-2334 affects Joe text editor versions 2.8–2.9.7. Backup files do not have their group and user setuid bits removed, which could allow local users to execute arbitrary setuid/setgid root programs when root edits scripts owned by other users. The NVD CVSS score is 3.6 (LOW) with local atta...

CVE-2002-2334

Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users...

Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool si...

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

CVE-2003-1422

Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors...

CVE-2003-1399

CVE-2003-1399 relates to eject 2.0.10 installed with setuid on systems like SuSE Linux 7.3. The issue is that error messages vary depending on whether a specific file exists, enabling local users to obtain sensitive information. The consolidated documents confirm the vulnerable component (eject 2...

CVE-2003-1399

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information...

CVE-2003-1399

Removed by vendor...

GLSA-200710-18 : util-linux: Local privilege escalation

The remote host is affected by the vulnerability described in GLSA-200710-18 util-linux: Local privilege escalation Ludwig Nussel discovered that the checkspecialmountprog and checkspecialumountprog functions call setuid and setgid in the wrong order and do not check the return values, which can...

Mandrake Linux Security Advisory : util-linux (MDKSA-2007:198)

The mount and umount programs in util-linux called the setuid and setgid functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue. %NASLMINLEVEL...

openSUSE 10 Security Update : krb5-apps-clients (krb5-apps-clients-1937)

Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access CVE-2006-3083. We are not affected by the seteuid problems, tracked by CVE-2006-3084...

openSUSE 10 Security Update : arts (arts-1670)

The KDE soundserver aRts lacked checks around some setuid calls. This could potentially be used by a local attacker to gain root privileges. CVE-2006-2916 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

Linux mount / umount privilege escalation

Invalid order of setuid / setgid calls and unchecked return value...

DEBIAN-CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...