15 matches found
EUVD-2019-6811
Malware in sbrugna...
CVE-2019-15901
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...
The vulnerability of the setusercontext() function in the doas utility allows a attacker to compromise the integrity, confidentiality, and accessibility of the protected information.
The vulnerability of the setusercontext function in the doas utility exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to compromise the integrity, confidentiality, and accessibility of the protected information...
Design/Logic Flaw
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...
CVE-2019-15901
The CVE concerns slicer69 doas prior to 6.2 on non-OpenBSD platforms (Linux, possibly NetBSD). A setusercontext(3) call intended to adjust UID, primary GID, and secondary GIDs was replaced with a single setuid(2) call. As a result, the group ID is not changed and secondary group IDs are not initi...
CVE-2019-15901
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...
FreeBSD setusercontext()函数绕过安全限制漏洞
BUGTRAQ ID: 42533 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 在以其他用户的权限运行时lib/libutil/loginclass.c文件中的setusercontext函数应用了特定的用户设置,这允许本地用户通过创建特制的/.loginconf文件并通过OpenSSH登录更改某些受限制的资源。 FreeBSD 8.0 FreeBSD 7.2 厂商补丁: FreeBSD ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
FreeBSD ftpd setusercontext()远程权限提升漏洞
BUGTRAQ ID: 36119 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD及其他一些BSD系统有一个用于设置用户上下文的功能,如FreeBSD中的setusercontext函数: setusercontextlc, pw, uidt0, LOGINSETLOGIN|LOGINSETGROUP|LOGINSETPRIORITY| LOGINSETRESOURCES|LOGINSETUMASK; 其中的LOGINSETRESOURCES设置允许用户设置资源。根据用户手册所述: LOGINSETRESOURCES...
Multiple BSD Operating Systems setusercontext() Vulnerabilities
No description provided by source. BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from...
[email protected]
BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontextlc, pw, uidt0,...
Multiple BSD Operating Systems setusercontext() Vulnerabilities
Exploit for multiple platform in category local exploits =============================================================== Multiple BSD Operating Systems setusercontext Vulnerabilities =============================================================== BSD setusercontext vulnerabilites discovered by...
BSD (Multiple Distributions) - setusercontext() Multiple Vulnerabilities
BSD Multiple Distributions - setusercontext Multiple Vulnerabilities BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeB...
setusercontext() privilege escalation in BSD systems
Multiple application misbihave if different limits are set via setusercontext, resulting in different exploitation scenarios...
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities
BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontextlc, pw, uidt0,...
BSD setusercontext Vulnerabilities
BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontextlc, pw, uidt0,...