Debian DSA-2649-1 : lighttpd - fixed socket name in world-writable directory
Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...
Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)
Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...
DSA-2649-1 lighttpd - fixed socket name in world-writable directory
Bulletin has no description...
CVE-2012-5660
abrt-action-install-debuginfo in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."...
Code injection
abrt-action-install-debuginfo in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."...
CVE-2012-5660
abrt-action-install-debuginfo in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."...
CVE-2012-5660
Summary: CVE-2012-5660 affects ABRT (Automatic Bug Reporting Tool) components, notably abrt-action-install-debuginfo, in ABRT 2.0.9 and earlier. The vulnerability allows a local attacker to set world-writable permissions on arbitrary files and potentially gain privileges via a symlink attack in t...
CentOS Update for libibverbs CESA-2013:0509 centos6
Check for the Version of libibverbs. OpenVAS Vulnerability Test: CentOS Update for libibverbs CESA-2013:0509 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
CentOS Update for opensm CESA-2013:0509 centos6
Check for the Version of opensm. OpenVAS Vulnerability Test: CentOS Update for opensm CESA-2013:0509 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for ibacm CESA-2013:0509 centos6
Check for the Version of ibacm. OpenVAS Vulnerability Test: CentOS Update for ibacm CESA-2013:0509 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for rdma CESA-2013:0509 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_tag(name:"affected", value:"rdm...
CentOS Update for librdmacm CESA-2013:0509 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
Scientific Linux Security Update : automake on SL6.x (noarch) (20130221)
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running 'make distcheck'. CVE-2012-3386...
Nmap NSE 6.01: ftp-anon
Checks if an FTP server allows anonymous logins. If anonymous is allowed, gets a directory listing of the root directory and highlights writeable files. SYNTAX: ftp-anon.maxlist: The maximum number of files to return in the directory listing. By default it is 20, or unlimited if verbosity is...
automake security update
CentOS Errata and Security Advisory CESA-2013:0526. An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base...
RHEL 6 : rdma (RHSA-2013:0509)
Updated RDMA packages that fix multiple security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
ibacm: ibacm service files created with world writable permissions (DoS)
ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ibacm daemon log or ibacm.port file...
automake: locally exploitable "make distcheck" bug
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...
abrt: Race condition in abrt-action-install-debuginfo
abrt-action-install-debuginfo in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."...
EMC Avamar weak permissions
Cache files are world writable...