CVE-2009-1601
https://notcve.org/view.php?id=CVE-2009-1601
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
• http://secunia.com/advisories/35000
• http://www.securityfocus.com/bid/34818
• http://www.ubuntu.com/usn/USN-770-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50311
• https://launchpad.net/bugs/365823
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-6792
https://notcve.org/view.php?id=CVE-2008-6792
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
• http://osvdb.org/50037
• http://secunia.com/advisories/32566
• http://www.ubuntu.com/usn/usn-663-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50435
• https://launchpad.net/bugs/287134
• CWE-310: Cryptographic Issues
CVE-2009-1573
https://notcve.org/view.php?id=CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678
• http://secunia.com/advisories/39834
• http://www.openwall.com/lists/oss-security/2009/05/05/2
• http://www.openwall.com/lists/oss-security/2009/05/05/4
• http://www.securityfocus.com/bid/34828
• http://www.ubuntu.com/usn/USN-939-1
• http://www.vupen.com/english/advisories/2010/1185
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50348
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-1295
https://notcve.org/view.php?id=CVE-2009-1295
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
• http://secunia.com/advisories/34947
• http://secunia.com/advisories/34952
• http://secunia.com/advisories/35065
• http://www.securityfocus.com/bid/34776
• http://www.ubuntu.com/usn/usn-768-1
• https://bugs.launchpad.net/bugs/357024
• https://launchpad.net/bugs/cve/2009-1295
• CWE-16: Configuration
CVE-2009-0365 – NetworkManager: GetSecrets disclosure
https://notcve.org/view.php?id=CVE-2009-0365
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified requests.
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
• http://secunia.com/advisories/34067
• http://secunia.com/advisories/34177
• http://secunia.com/advisories/34473
• http://securitytracker.com/id?1021910
• http://securitytracker.com/id?1021911
• http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207
• http://svn.gnome.org/viewvc/network-manager-applet?view=rev
• CWE-264: Permissions, Privileges, and Access Controls