
3209 matches found

OSV
added 2022/04/01 11:15 p.m., 0 views

UBUNTU-CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8, AI score 7.3, EPSS 0.0003
Exploits: 0, References: 3
Cvelist
added 2022/04/01 10:17 p.m., 23 views

CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...

AI score 7.6, EPSS 0.0003
Exploits: 0, References: 2
CVE
added 2022/04/01 10:17 p.m., 299 views

CVE-2021-3847

CVE-2021-3847 describes a local privilege escalation in the Linux kernel OverlayFS subsystem. The flaw arises in the way a user copies a capable file from a nosuid mount to another mount, enabling unauthorized execution of setuid-capable files. The confirmed impact is that a local user can escala...

CVSS 7.8, AI score 7.3, EPSS 0.0003
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2022/04/01 10:17 p.m., 34 views

CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8, AI score 8.1, EPSS 0.0003
Exploits: 0
CNNVD
added 2022/04/01 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a flaw in the OverlayFS subsystem that has a setuid file execution capability. An attacker exploits the...

CVSS 7.8, AI score 7.9, EPSS 0.0003
Exploits: 0, References: 3
RedHat Linux
added 2022/03/15 10:26 a.m., 3 views

glibc: Off-by-one buffer overflow/underflow in getcwd()

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

CVSS 7.8, AI score 7.3, EPSS 0.00848
Exploits: 1, References: 5
Amazon
added 2022/03/08 12:0 a.m., 1 views

Medium: containerd

Issue Overview: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to...

CVSS 7.8, AI score 7, EPSS 0.0025
Exploits: 0
Veracode
added 2022/02/25 12:5 a.m., 25 views

Privilege Escalation

seatd is vulnerable to privilege escalation. seatd-launch allows removing files via a user-supplied socket pathname when installed setuid root, allowing attackers to elevate privileges...

CVSS 9.8, AI score 6.2, EPSS 0.01674
Exploits: 0, References: 7, Affected Software: 1
ATTACKERKB
added 2022/02/24 3:15 p.m., 2 views

CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

CVSS 9.8, AI score 5.3, EPSS 0.01674
Exploits: 0, References: 7
OSV
added 2022/02/24 3:15 p.m., 1 views

DEBIAN-CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

CVSS 9.8, AI score 8.2, EPSS 0.01674
Exploits: 0, References: 1
OSV
added 2022/02/24 3:15 p.m., 0 views

UBUNTU-CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

CVSS 9.8, AI score 7.2, EPSS 0.01674
Exploits: 0, References: 5
CNNVD
added 2022/02/24 12:0 a.m., 3 views

seatd-launch permissions and access control vulnerability

Seatd is an administrative daemon used to mediate access to shared devices (graphics, input). A security vulnerability exists in seatd-launch in seatd versions 0.6.x through 0.6.4, which stems from a lack of privilege restrictions in the software that allow files with escalated privileges to be...

CVSS 9.8, AI score 7.9, EPSS 0.01674
Exploits: 0, References: 6
CVE
added 2022/02/22 12:0 a.m., 87 views

CVE-2022-25643

CVE-2022-25643 affects seatd-launch in seatd 0.6.x prior to 0.6.4. It allows removing files with escalated privileges when the binary is installed setuid root, with the attack vector being a user-supplied socket pathname. Public details in the provided document indicate the vulnerable condition a...

CVSS 9.8, AI score 9.3, EPSS 0.01674
Exploits: 0, References: 6, Affected Software: 1
0day.today
added 2022/02/18 12:0 a.m., 109 views

Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode

/ sparcsolarisexec.c - Solaris/SPARC execve shellcode Copyright c 2022 Marco Ivaldi Pretty standard Solaris/SPARC setuid/execve shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC execve shellcode 12 + 48 = 60 bytes / / setuid0 /...

Exploits: 0
0day.today
added 2022/02/18 12:0 a.m., 129 views

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode

/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...

Exploits: 0
OpenVAS
added 2022/02/15 12:0 a.m., 5 views

openSUSE: Security Advisory for permissions (openSUSE-SU-2022:0141-2)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0, References: 2
OPENSUSE Linux
added 2022/02/14 12:0 a.m., 21 views

Security update for permissions (moderate)

openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2022:0141-2 Rating: moderate References: 1169614 Affected Products: openSUSE Leap 15.4 An update that contains security fixes can now be installed. Description: This update for permissions fixes the following...

AI score 7.4
Exploits: 0
Mageia
added 2022/02/08 4:27 p.m., 53 views

Updated glibc packages fix security vulnerability

Updated glibc packages fix security vulnerability: An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to...

CVSS 7.8, AI score 1.9, EPSS 0.00848
Exploits: 1, References: 1
UbuntuCve
added 2022/02/01 12:0 a.m., 148 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

CVSS 7.8, AI score 7.3, EPSS 0.00848
Exploits: 1, References: 4
Redos
added 2022/02/01 12:0 a.m., 41 views

ROS-20220128-01

The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to execute environment variables as commands. Exploitation of the vulnerability could allow an attacker to...

CVSS 7.8, AI score 7.6, EPSS 0.88057
Exploits: 149