CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8325 – openssh: privilege escalation via user's PAM environment and UseLogin=yes
https://notcve.org/view.php?id=CVE-2015-8325
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. La función do_setup_env en session.c en sshd en OpenSSH hasta la versión 7.2p2, cuando la funcionalidad UseLogin está activa y PAM está configurado para leer archivos .pam_environment en directorios home de usuario, permite a usuarios locales obtener privilegios desencadenando un entorno manipulado para el programa /bin/login, según lo demostrado por una variable de entorno LD_PRELOAD. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. • http://rhn.redhat.com/errata/RHSA-2016-2588.html http://rhn.redhat.com/errata/RHSA-2017-0641.html http://www.debian.org/security/2016/dsa-3550 http://www.securityfocus.com/bid/86187 http://www.securitytracker.com/id/1036487 https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755 https://bugzilla.redhat.com/show_bug.cgi?id=1328012 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://people.canonical.com/~ubuntu-security/cve/2015&#x • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2016-1575 – Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. La implementación de overlayfs en el kernel de Linux hasta la versión 4.5.2 no mantiene correctamente datos POSIX ACL xattr, lo que permite a usuarios locales obtener privilegos aprovechando un directorio con permiso de escritura de grupo setgid. • https://www.exploit-db.com/exploits/41762 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation http://www.openwall.com/lists/oss-security/2016/02/24/7 http://www.openwall.com/lists/oss-security/2021/10/18/1 https://launchpad.net/bugs/1534961 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2016-1576 – Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1576
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. La implementación de overlayfs en el kernel de Linux hasta la versión 4.5.2 no restringe correctamente el espacio de nombres de montaje, lo que permite a usuarios locales obtener privilegos montando un sistema de archivos overlayfs sobre un sistema de archivos FUSE y luego ejecutando un programa setuid manipulado. • https://www.exploit-db.com/exploits/41763 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation http://www.openwall.com/lists/oss-security/2016/02/24/8 http://www.openwall.com/lists/oss-security/2021/10/18/1 https://bugs.launchpad.net/bugs/1535150 https://launchpadlibrarian.net/23530009 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0948
https://notcve.org/view.php?id=CVE-2012-0948
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. DistUpgrade/DistUpgradeMain.py en el Administrador de actualización de Ubuntu v12.04 LTS, v11.10 y v11.04, utiliza permisos débiles para (1) system_state.tar.gz y (2) apt-clone_system_state.tar.gz, lo que permite a usuarios locales obtener las credenciales del repositorio. • http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz http://osvdb.org/82019 http://secunia.com/advisories/49230 http://www.securityfocus.com/bid/53604 http://www.ubuntu.com/usn/USN-1443-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/75727 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a través de cabeceras de datos manipulados que disparan una sobre-lectura de búfer. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/200 • CWE-125: Out-of-bounds Read •