2818 matches found
CVE-2009-3889
CVE-2009-3889 affects the Linux kernel megaraid_sas driver; the dbg_lvl file is world-writable in kernels before 2.6.27, enabling local users to modify driver behavior and logging level. MiracleLinux AXSA:2010-141 references this issue among others and indicates a fix in kernel 2.6.27+ as part of...
CVE-2009-3939
CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...
PT-2009-6113 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.27 Description: The issue concerns the megaraid sas driver in the Linux kernel, where the dbg lvl file has world-writable permissions. This allows local users to modify the file, which in turn enables them t...
CVE-2009-3939
The pollmodeio file for the megaraidsas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file...
USN-841-1: GLib vulnerability
Arand Nash discovered that applications linked to GLib e.g. Nautilus did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information...
kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
The md driver drivers/md/md.c in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service NULL pointer dereference via vectors related to "suspend sysfs attributes" and the 1 suspendlostore or 2 suspendhistore functions. NOTE: this is only a vulnerability when sysfs i...
Microsoft IIS FTP Server NLST Command Remote Overflow
Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...
Microsoft IIS FTP Server NLST Command Remote Overflow
Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...
Microsoft IIS FTP Server NLST Command Remote Overflow
Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...
Null pointer dereference
The md driver drivers/md/md.c in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service NULL pointer dereference via vectors related to "suspend sysfs attributes" and the 1 suspendlostore or 2 suspendhistore functions. NOTE: this is only a vulnerability when sysfs i...
IBM AIX libC XL C++运行时库本地权限提升漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的XL C++运行时库的调试组件没有正确地处理LIBINITDBG和LIBINITDBGFILE环境变量,本地用户可以通过链接到XL C++运行时库的setuid root程序创建属于root的任意可写文件。 AIX 5.3中受影响的库是/usr/lpp/xlC/lib/libC.a,AIX 6.1中受影响的库是/usr/ccs/lib/libc.a和/usr/ccs/lib/libp/libc.a。 IBM AIX 6.1 IBM AIX 5.3 厂商补丁: IBM ---...
CVE-2009-2669
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the 1 LIBINITDBG and 2 LIBINITDBGFILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, relate...
openSUSE Security Update : valgrind (valgrind-321)
valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file a world-writable directory such as /tmp and influence other users' valgrind when it's executed there CVE-2008-4865. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Fedora 10 : ntop-3.3.8-3.fc10 (2009-2805)
ls -lh /var/log/ntop/access.log -rw-rw-rw- 1 root root 0 2009-02-04 11:53 /var/log/ntop/access.log Fixed. log world-writable when the --access-log- file option is used. This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the...
Mandriva Linux Security Advisory : rsync (MDVSA-2008:011)
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6199 Unspecified vulnerability in rsync before...
Fedora Core 10 FEDORA-2009-2805 (ntop)
The remote host is missing an update to ntop announced via advisory FEDORA-2009-2805. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
device-mapper-multipath: insecure permissions on multipathd.sock
The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...
CVE-2009-0115
The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...
CVE-2009-0115
The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...
Design/Logic Flaw
The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...