4 results (0.009 seconds)

CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 3

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. El "make" incluye ficheros en NetBSD anterior a v1.6.2 usados en pmake v1.111 y otros productos, permite a usuarios locales sobreescribir ficheros de su elección a través de un ataque de enlace simbólico sobre un archivo temporal /tmp/_depend#####, relacionado con (1) bsd.lib.mk y (2) bsd.prog.mk. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673 http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h http://openwall.com/lists/oss-security/2011/05/16/2 http://openwall.com/lists/oss-security/2011/05/16/8 http://www.securityfocus.com/bid/47878 https://bugzilla.redhat.com/show_bug.cgi?id=705090 https://bugzilla • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. • https://www.exploit-db.com/exploits/21159 http://marc.info/?l=bugtraq&m=100638919720975&w=2 http://www.iss.net/security_center/static/7603.php http://www.securityfocus.com/bid/3573 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. • https://www.exploit-db.com/exploits/21158 http://marc.info/?l=bugtraq&m=100638919720975&w=2 http://www.iss.net/security_center/static/7602.php http://www.securityfocus.com/bid/3572 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. • http://www.iss.net/security_center/static/9988.php http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html •