CVE-2013-6876 s3dvt Root shell

CVE-2013-6876 s3dvt Root shell About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: A vulnerability in s3dvt for versions prior to 0.2.2 allows to obtain a root shell. Details, patches, discussion and strategy to exploit

CVE-2013-6825 DCMTK Root Privilege escalation

CVE-2013-6825 DCMTK Root Privilege escalation About DCMTK: DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images

CVE-2014-1226 s3dvt Root shell (still)

CVE-2014-1226 s3dvt Root shell (still) About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: The s3dvt developers forgot to review all the code. There is still a vulnerable function as in the previous CVE-2013-6825. At the

Bug in bash = 4.3 [security feature bypassed]

Hi everyone, Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed. We think that this is a security issue because in some circumstances the bash security feature could be bypassed allowing the bash to be a valid target shell in an

CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 CVE: CVE-2014-0907 Vendor: IBM Product: DB2 Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5 Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a Reported by: Tim Brown Details: It

FreeBSD Security Advisory FreeBSD-SA-14:13.pam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-14:13.pamSecurity Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-14:11.sendmail Security Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-14:12.ktrace Security Advisory The FreeBSD Project Topic:

[SECURITY] [DSA 2945-1] chkrootkit security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2945-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano June 03, 2014

[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies

I. VULNERABILITY - Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies II. BACKGROUND - Bottomline offers powerful, next-generation electronic document solutions for formatting,

Re: [oss-security] Bug in bash = 4.3 [security feature bypassed]

In my opinion the drop of privs in bash was mostly a help measure for poorly written setuid programs executing system() calls. I don't think is the role of bash to do this as the problem that could be exploited by that would really be in the original program that does not drop privs before