PT-2024-37854 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A logic bug in the code disables kernel tracing for setuid programs, allowing unprivileged users to trace and inspect the behavior of setuid programs. This bug may be used by an...

FreeBSD -- ktrace(2) fails to detach when executing a setuid binary

Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

PT-2024-37817 · Provd +2 · Provd +2

Name of the Vulnerable Software and Affected Versions: provd versions prior to 0.1.5 Description: An issue was discovered in provd with a setuid binary, which allows a local attacker to escalate their privilege. Recommendations: For versions prior to 0.1.5, update to version 0.1.5 or later to...

UBUNTU-CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

...

CBL Mariner 2.0 Security Update: nodejs18 / nodejs / libuv (CVE-2024-22017)

The version of nodejs18 / nodejs / libuv installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22017 advisory. - setuid does not affect libuv's internal iouring operations if initialized before the call...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

DEBIAN-CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

UBUNTU-CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVE-2024-38531

CVE-2024-38531 affects the Nix package manager. A build process can access and modify the permissions of the build directory, and after a setuid binary is created in a globally accessible location, a local attacker could assume the permissions of a Nix daemon worker and hijack all future builds. ...

CVE-2024-38531 Nix sandbox escape

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

Advisory ROSA-SA-2024-2432

Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...

SUSE CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

RHEL 4 : exim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - exim: local root privilege escalation for configurations with perlstartup CVE-2016-1531 - The openlog...

RHEL 9 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash CVE-2023-39804 Note that Nessus h...