CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html http://osvdb.org/50284 http://secunia.com/advisories/32832 http://www.securityfocus.com/bid/32464 https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2008-0883 – acroread: insecure handling of temporary files
https://notcve.org/view.php?id=CVE-2008-0883
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elección mediante un ataque de enlaces simbólicos en ficheros temporales relativos al manejo de certificados SSL. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29229 http://secunia.com/advisories/29242 http://secunia.com/advisories/29425 http://secunia.com/advisories/31136 http://secunia.com/advisories/31352 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1 http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html http://www.adobe.com/support/security/advisories/apsa08-02.html http://www.gentoo.org/security • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2008-0731
https://notcve.org/view.php?id=CVE-2008-0731
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. El núcleo de Linux versiones anteriores a 2.6.18.8-0.8 de SUSE openSUSE 10.2 no maneja apropiadamente los fallos del sistema llamado AppArmor change_hat, lo cual permite a atacantes disparar el no limitamiento de una tarea apparmored. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://secunia.com/advisories/28806 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-2654
https://notcve.org/view.php?id=CVE-2007-2654
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. xfs_fsr en xfsdump crea un directorio temporal .fsr con permisos no seguros, que permite a usuarios locales leer o sobrescribir archivos arbitrarios en sistemas de archivos xfs. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894 http://osvdb.org/36716 http://secunia.com/advisories/25220 http://secunia.com/advisories/25425 http://secunia.com/advisories/25761 http://secunia.com/advisories/26867 http://www.mandriva.com/security/advisories?name=MDKSA-2007:134 http://www.novell.com/linux/security/advisories/2007_10_sr.html http://www.securityfocus.com/bid/23922 http://www.ubuntu.com/usn/usn-516-1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •