Lucene search
+L

72 matches found

Packet Storm
Packet Storm
added 2011/04/11 12:0 a.m.900 views

tmux 1.3 / 1.4 Privilege Escalation

--------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011 Author: ph0x90bic Software Link:...

4.6CVSS0.5AI score0.00952EPSS
Exploits6
Exploit DB
Exploit DB
added 2011/04/11 12:0 a.m.46 views

tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation

--------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011 Author: ph0x90bic Software Link:...

4.6CVSS6.4AI score0.00952EPSS
Exploits6
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.21 views

Ubuntu Update for shadow vulnerability USN-695-1

Ubuntu Update for Linux kernel vulnerabilities USN-695-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6951.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for shadow vulnerability USN-695-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.2CVSS6.5AI score0.00949EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/03/07 12:0 a.m.18 views

Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)

The remote host is missing an update to shadow-utils announced via advisory MDVSA-2009:062. OpenVAS Vulnerability Test $Id: mdksa2009062.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:062 shadow-utils Authors: Thomas Reinke Copyright: Copyright c 20...

7.2CVSS0.7AI score0.00949EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/03/07 12:0 a.m.21 views

Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)

The remote host is missing an update to shadow-utils announced via advisory MDVSA-2009:062. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

7.2CVSS6.4AI score0.00949EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2009/01/26 12:0 a.m.20 views

Debian: Security Advisory (DSA-1709-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.5AI score0.00949EPSS
Exploits1References3
OSV
OSV
added 2009/01/21 12:0 a.m.18 views

DSA-1709-1 shadow - privilege escalation

Bulletin has no description...

7.2CVSS6.3AI score0.00949EPSS
Exploits1
Ubuntu
Ubuntu
added 2008/12/18 1:18 a.m.47 views

USN-695-1: shadow vulnerability

Paul Szabo discovered a race condition in login. While setting up tty permissions, login did not correctly handle symlinks. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root...

7.2CVSS5.5AI score0.00949EPSS
Exploits1
seebug.org
seebug.org
added 2008/12/10 12:0 a.m.27 views

Debian 'login' 本地权限升级漏洞

Debian is prone to a local privilege-escalation vulnerability because of an error in the 'login' program. Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system. Debian Linux 3....

6.7AI score
Exploits0
Prion
Prion
added 2008/12/09 12:30 a.m.12 views

Design/Logic Flaw

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

7.2CVSS6.3AI score0.00949EPSS
Exploits1References12Affected Software1
NVD
NVD
added 2008/12/09 12:30 a.m.13 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

7.2CVSS6.1AI score0.00949EPSS
Exploits1References12
UbuntuCve
UbuntuCve
added 2008/12/09 12:30 a.m.21 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

7.2CVSS5.8AI score0.00949EPSS
Exploits1References2
OSV
OSV
added 2008/12/09 12:30 a.m.5 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

6.1AI score
Exploits0References12
Debian CVE
Debian CVE
added 2008/12/09 12:0 a.m.24 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

7.2CVSS5.6AI score0.00949EPSS
Exploits1
CVE
CVE
added 2008/12/09 12:0 a.m.85 views

CVE-2008-5394

CVE-2008-5394 concerns the shadow package’s /bin/login on Debian (and likely other distros) where local users in the utmp group could exploit a symlink vulnerability to overwrite arbitrary files via a temporary file referenced in a utmp entry’s ut_line field. The described condition affects shado...

7.2CVSS6AI score0.00949EPSS
Exploits1References12Affected Software1
seebug.org
seebug.org
added 2008/12/01 12:0 a.m.16 views

Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC

No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/01 12:0 a.m.61 views

/bin/login gives root to group utmp

There is a group-utmp-to-root privilege escalation vulnerability in /bin/login in Debian, and I expect in all other Linux distros. For details and exploit please see http://bugs.debian.org/505271 Currently am not aware of any group utmp issues that could be leveraged to get root. Cheers, Paul Sza...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2008/12/01 12:0 a.m.39 views

Linux /bin/login privilege escalation

It's possible to escalate privileges from utmp group to root...

3.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/10/01 12:0 a.m.33 views

SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 5627)

Due to a faulty signal handler repeated login attempts could exhaust the maximum allowed connections and prevent further logins. CVE-2008-4109 A problem where utmp entries where not deleted when users logged out was also fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

5CVSS7.9AI score0.28601EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2008/03/07 12:0 a.m.29 views

GLSA-200803-05 : SplitVT: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200803-05 SplitVT: Privilege escalation Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility. Impact : A local attacker could exploit this vulnerability to gain the 'utmp' group...

7.2CVSS5.5AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder