CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1155 – logrotate: DoS due improper escaping of file names within 'write state' action
https://notcve.org/view.php?id=CVE-2011-1155
30 Mar 2011 — The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. La función writeState en logrotate.c en Logrotate v3.7.9 y anteriores podría permitir a atacantes dependientes de contexto provocar una denegación de servicio ('rotat... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1548
https://notcve.org/view.php?id=CVE-2011-1548
30 Mar 2011 — The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. La configuración por defecto en logrotate en Debien GNU/Linux usa privilegios de administrador para procesar archivos en directorios que permite acceso de escritura a no-administradores, lo... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606544 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1549
https://notcve.org/view.php?id=CVE-2011-1549
30 Mar 2011 — The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. La configuración por defecto en logrotate en Gentoo Linux utiliza privilegios de administrador para procear archivos en directorios que permite a no-administradores acceso d... • http://openwall.com/lists/oss-security/2011/03/04/16 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1550
https://notcve.org/view.php?id=CVE-2011-1550
30 Mar 2011 — The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. La configuración por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar fich... • http://openwall.com/lists/oss-security/2011/03/04/16 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6756
https://notcve.org/view.php?id=CVE-2008-6756
27 Apr 2009 — ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. ZoneMinder v1.23.3 en Gentoo Linux utiliza permisos 0644 para el archivo /etc/zm.conf, lo que permite a los usuarios locales obtener el usuario y contraseña de la base de datos mediante la lectura de este archivo. • http://bugs.gentoo.org/show_bug.cgi?id=250715 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1144
https://notcve.org/view.php?id=CVE-2009-1144
09 Apr 2009 — Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo... • http://bugs.gentoo.org/show_bug.cgi?id=200023 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4579 – cman/fence: insecure temporary file usage in the apc fence agents
https://notcve.org/view.php?id=CVE-2008-4579
15 Oct 2008 — The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. Los programas (1) fence_apc y (2) fence_apc_snmp,como se utilizan en (a) fence 2.02.00-r1 y posiblemente (b) cman, cuando se ejecutan en modo verbose, permiten a usuarios locales añadir a archivos de su elección mediante un ataque de enlaces simbólicos al archivo temporal apcl... • http://bugs.gentoo.org/show_bug.cgi?id=240576 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4580
https://notcve.org/view.php?id=CVE-2008-4580
15 Oct 2008 — fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. fence_manual, tal y como es usado en fence versión 2.02.00-r1 y posiblemente cman, permite a los usuarios locales modificar archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal fence_manual.fifo. • http://bugs.gentoo.org/show_bug.cgi?id=240576 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-4394
https://notcve.org/view.php?id=CVE-2008-4394
10 Oct 2008 — Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. Múltiples vulnerabilidades de búsqueda en ruta no confiable en Portage en versiones anteriores a la v2.1.4.5 incluido el directorio actual de trabajo que permite a usuarios locale... • http://secunia.com/advisories/32228 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1880
https://notcve.org/view.php?id=CVE-2008-1880
12 May 2008 — The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. La configuración por defecto de Firebird anterior a 2.0.3.12981.0-r6 en Gentoo Linux establece la variable de entorno ISC_PASSWORD antes de arrancar Firebird, lo que permite a atacantes remotos evitar la autentificación SYSDBA y obtener i... • http://bugs.gentoo.org/show_bug.cgi?id=216158 • CWE-255: Credentials Management Errors •