3208 matches found
binary-exploitation-labs-Application-security-ctf-writeups
binary-exploitation-labs-Application-security-ctf-writeups...
Linux Kernel FD-Race Monitoring
This C program is a defensive process-monitoring utility, not a privilege-escalation exploit. It continuously inspects /proc/pid/fd to detect suspicious activity related to excessive file descriptor usage, activity from sensitive SUID binaries, and potential file descriptor leakage or theft...
RockyLinux 10 : systemd (RLSA-2026:18153)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18153 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...
CVE-2026-41163
A flaw was found in bubblewrap when operating in setuid mode. A local user may use ptrace to interfere with the sandbox setup process and gain access to privileged operations that are normally restricted. This could allow an attacker to bypass intended sandboxing restrictions and potentially...
SUSE-SU-2026:21875-1 Security update for openssh
This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Changes for openssh: - Fix a potential issue when validating mac bsc1264568:...
CLSA-2026-1779368297 polkit: Fix of CVE-2026-4897
CVE-2026-4897: Fix unbounded stdin reads that allow local user to trigger OOM and DoS in setuid helper; add input length checks and limit allocations...
USN-8288-1: Bubblewrap vulnerability
It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issue to bypass sandbox restrictions...
Astra Linux - уязвимость в golang-1.19
On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...
Astra Linux - уязвимость в zsh
In Zsh before version 5.8, attackers who were able to execute commands could regain privileges lost due to the --no-PRIVILEGED option. Zsh failed to overwrite the saved user ID, so the original privileges could be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls...
Astra Linux - уязвимость в glibc
On the x86-64 architecture, the GNU C Library also known as glibc prior to version 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition. This allows local attackers to restrict the possible mapping addresses for loaded libraries,...
Astra Linux - уязвимость в containerd
Containerd is an open-source container runtime that emphasizes simplicity, robustness, and portability. A bug was discovered in Containerd where container root directories and certain plugins had insufficiently restricted permissions, allowing unprivileged Linux users to access the contents of...
Astra Linux - уязвимость в screen
The socket.c file in GNU Screen, as of version 4.9.0, can be executed with the setuid or setgid flags the default on platforms like Arch Linux and FreeBSD. This allows local users to send a privileged SIGHUP signal to any process ID, potentially causing a denial of service or disrupting the targe...
Astra Linux - уязвимость в ntfs-3g
A buffer overflow was discovered in NTFS-3G before October 3, 2022. Metadata created within an NTFS image can lead to code execution. A local attacker can exploit this vulnerability if the ntfs-3g binary has the setuid root privilege. An attacker who is physically nearby can also exploit this...
sudo: Sudo: Privilege escalation due to failure in privilege drop calls
A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...
sudo: Sudo: Privilege escalation due to failure in privilege drop calls
A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...
OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 "Copy Fail" — Vulnerability Detection Script S...
VMware Fusion 25H2 < 26H1 Local Privilege Escalation (VMSA-2026-0003)
The version of VMware Fusion installed on the remote macOS host is 25H2 prior to 26H1. It is, therefore, affected by a vulnerability: - VMware Fusion contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with loca...
SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:1876-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1876-1 advisory. This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed...
CentOS 9 : polkit-0.117-16.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the polkit-0.117-16.el9 build changelog. - A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1...