12 matches found
EUVD-2008-4081
Malware in sbrugna...
Medium: fdupes
Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Issue Correction: Run dnf update fdupes --releasever 2023.4.20240528 to update your system. New Packages: aarch64: ...
SUSE: Security Advisory (SUSE-SU-2021:3722-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3722-1 Security update for libarchive
This update for libarchive fixes the following issues: - CVE-2019-19221: Fixed out-of-bounds read caused by incorrect mbrtowc or mbtowc call bsc1157569 - backporting symlink security fixes from 3.5.2: - extracting with ACLs modifies ACLs of target bsc1192425 - modifies file flags of target...
Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior(CVE-2018-0823)
Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Summary: It’s possible to create NPFS symlinks as a low IL or...
NTP Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to...
NTP - Local Privilege Escalation
NTP - Local Privilege Escalation Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics...
NTP - Local Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
Fedora 11 : tar-1.22-5.fc11 (2010-4306)
CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially crafted archive 572149 - realloc within checkexclusiontags caused invalid write 570591 - not closing file descriptors for excluded files/dirs with exlude-tag... options could cause descriptor exhaustion 570591 - do not...
Fedora Core 1 : utempter-0.5.5-3.FC1.0 (2004-108)
Topic: An updated utempter package that fixes a potential symlink vulnerability is now available. Problem Description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in...
ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT Symlink
source: https://www.securityfocus.com/bid/80/info The named daemon will dump the named database to /var/tmp/nameddump.db when it receives a SIGINT signal. It does not check for symbolic links while doing so and can be made to overwrite any file in the system. The named daemons will append named...