72 matches found
tmux 1.3 / 1.4 Privilege Escalation
--------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011 Author: ph0x90bic Software Link:...
tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation
--------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011 Author: ph0x90bic Software Link:...
Ubuntu Update for shadow vulnerability USN-695-1
Ubuntu Update for Linux kernel vulnerabilities USN-695-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6951.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for shadow vulnerability USN-695-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)
The remote host is missing an update to shadow-utils announced via advisory MDVSA-2009:062. OpenVAS Vulnerability Test $Id: mdksa2009062.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:062 shadow-utils Authors: Thomas Reinke Copyright: Copyright c 20...
Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)
The remote host is missing an update to shadow-utils announced via advisory MDVSA-2009:062. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Debian: Security Advisory (DSA-1709-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-1709-1 shadow - privilege escalation
Bulletin has no description...
USN-695-1: shadow vulnerability
Paul Szabo discovered a race condition in login. While setting up tty permissions, login did not correctly handle symlinks. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root...
Debian 'login' 本地权限升级漏洞
Debian is prone to a local privilege-escalation vulnerability because of an error in the 'login' program. Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system. Debian Linux 3....
Design/Logic Flaw
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
CVE-2008-5394
CVE-2008-5394 concerns the shadow package’s /bin/login on Debian (and likely other distros) where local users in the utmp group could exploit a symlink vulnerability to overwrite arbitrary files via a temporary file referenced in a utmp entry’s ut_line field. The described condition affects shado...
Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC
No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...
/bin/login gives root to group utmp
There is a group-utmp-to-root privilege escalation vulnerability in /bin/login in Debian, and I expect in all other Linux distros. For details and exploit please see http://bugs.debian.org/505271 Currently am not aware of any group utmp issues that could be leveraged to get root. Cheers, Paul Sza...
Linux /bin/login privilege escalation
It's possible to escalate privileges from utmp group to root...
SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 5627)
Due to a faulty signal handler repeated login attempts could exhaust the maximum allowed connections and prevent further logins. CVE-2008-4109 A problem where utmp entries where not deleted when users logged out was also fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...
GLSA-200803-05 : SplitVT: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200803-05 SplitVT: Privilege escalation Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility. Impact : A local attacker could exploit this vulnerability to gain the 'utmp' group...