setgid software vulnerabilities
vulnerabilities.aspcode.net
Searching setgid software vulnerabilities
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before Monday, October 31, 2005 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.
mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
Software vulnerabilities results 1 to 20 of 34