5 matches found
Ensure That the Unnecessary SUID/SGID Bit on a File Is Deleted
SUID set user ID and SGID set group ID are special permission bits used to control program permissions in UNIX and UNIX-like OSs, including Linux. It is important to ensure that files do not contain unnecessary SUID or SGID bits to improve system security. These bits allow files to run with the...
AZL-35165 CVE-2023-1386 affecting package qemu 9.1.0-1
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...
kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...
kernel security and bug fix update
2.4.21-58.0.0.0.1.EL - add directio support for qla drivers herb ora 6346849 - support PT Quad card ora 5751043 - io to nfs partition hangs ora 5088963 - add entropy for bnx2 nic ora 5931647 - avoid large allocation-fragmentation in MTU zab - fix clear highpage wli 2.4.21-58.EL - copyuser doesn't...
Mandrake Linux Security Advisory : cdrecord (MDKSA-2003:058-1)
A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manuall...