CVE-2021-43411
CVE-2021-43411 affects GNU Hurd up to version 0.9 20210404-9. When attempting to exec a setuid executable, a window exists where the process has new privileges but still references the old task and is reachable via the old process port, enabling full root access according to the vulnerability des...
CVE-2021-43413
The CVE-2021-43413 entry concerns GNU Hurd before 0.9 20210404-9. A single pager port is shared among all processes that mmap a file, enabling any reader to modify files they can read and thereby potentially gain full root access. Available sources (NVD/Red Hat/Debian/CNVD/CVEdoc) reiterate this ...
CVE-2021-43414
CVE-2021-43414 affects GNU Hurd prior to version 0.9 20210404-9. The issue is in the authentication protocol used by the proc server, making it vulnerable to man-in-the-middle attacks and enabling local privilege escalation to obtain full root access. The connected PT-Security entry explicitly re...
CVE-2021-43412
CVE-2021-43412 affects GNU Hurd before 0.9 (20210404-9). The issue resides in libports, which accepts fake notification messages from any client on any port, enabling a use-after-free in port handling and leading to local privilege escalation to full root access. Connections across sources (Red H...