Fedora 19 : chkrootkit-0.49-9.fc19 (2014-7090)

A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Note that Tenable Network Security has...

openSUSE Security Update : blender (openSUSE-SU-2013:0302-1)

This update fixes tmp races in the undo save quit Blender routine. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-121. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0451-1)

ghostscript by default read some initialization files from the current working directory. Local attackers could potentially exploit that to have other users execute arbitrary commands by placing such files e.g. in /tmp CVE-2010-2055. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : deb / update-alternatives (openSUSE-SU-2012:1437-1)

Fix tmp issues in annotate-output bnc778291, CVE-2012-3500 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-757. The text description of this plugin is C SUSE LLC...

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...

chkrootkit privilege escalation

It's possible to execute file from /tmp...

CVE-2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...

Design/Logic Flaw

include/testswebservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis..unsorted file with an easily determined name...

chkrootkit LTS security update

Package : chkrootkit Version : 0.49-4+deb6u1 CVE ID : CVE-2014-0476 Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option...

chkrootkit LTS security update

Package : chkrootkit Version : 0.49-4+deb6u1 CVE ID : CVE-2014-0476 Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

[SECURITY] [DSA 2945-1] chkrootkit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2945-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 03, 2014 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2945-1 (chkrootkit - security update)

Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option. OpenVAS Vulnerability Test $Id: deb2945.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2945-1...

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

PYSEC-2014-8

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

Incorrect Default Permissions

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

CVE-2014-3425

NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service "remote control" outage by creating a /tmp/xmosaic.pid file for every possible PID...

Design/Logic Flaw

NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service "remote control" outage by creating a /tmp/Mosaic.pid file for every possible PID...