setuid setgid software vulnerabilities
vulnerabilities.aspcode.net
Searching setuid setgid software vulnerabilities
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability.
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before Monday, October 31, 2005 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.
mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
Software vulnerabilities results 1 to 20 of 151