CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4422 287 +Priv Bypass 2016-05-06 2016-05-10
10.0
None Remote Low Not required Complete Complete Complete
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
2 CVE-2016-3169 264 +Priv 2016-04-12 2016-04-12
6.8
User Remote Medium Not required Partial Partial Partial
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
3 CVE-2016-2856 264 +Priv 2016-03-13 2016-03-23
7.2
None Local Low Not required Complete Complete Complete
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
4 CVE-2016-1235 264 +Priv +Info 2016-04-11 2016-04-14
9.0
None Remote Low Single system Complete Complete Complete
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
5 CVE-2016-1233 264 +Priv 2016-01-26 2016-01-31
7.2
Admin Local Low Not required Complete Complete Complete
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
6 CVE-2016-0766 264 +Priv 2016-02-17 2016-03-09
9.0
None Remote Low Single system Complete Complete Complete
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
7 CVE-2015-8325 264 +Priv 2016-04-30 2016-05-05
7.2
None Local Low Not required Complete Complete Complete
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
8 CVE-2015-3636 DoS +Priv 2015-08-05 2015-11-24
4.9
None Local Low Not required None None Complete
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
9 CVE-2015-3339 362 +Priv 2015-05-27 2015-06-30
6.2
None Local High Not required Complete Complete Complete
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
10 CVE-2014-9273 119 Exec Code Overflow +Priv 2014-12-08 2015-08-25
4.6
User Local Low Not required Partial Partial Partial
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
11 CVE-2013-6476 264 +Priv 2014-03-14 2014-03-17
4.4
None Local Medium Not required Partial Partial Partial
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
12 CVE-2013-6409 264 +Priv 2013-12-07 2013-12-09
6.2
None Local High Not required Complete Complete Complete
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
13 CVE-2013-4559 264 +Priv 2013-11-20 2014-01-23
7.6
None Remote High Not required Complete Complete Complete
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
14 CVE-2013-2072 119 DoS Overflow +Priv Mem. Corr. 2013-08-28 2015-11-19
7.4
None Local Network Medium Single system Complete Complete Complete
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.
15 CVE-2013-1048 264 +Priv 2013-03-06 2013-03-06
4.6
None Local Low Not required Partial Partial Partial
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
16 CVE-2012-0216 +Priv XSS +Info 2012-04-22 2012-08-13
4.4
None Local Medium Not required Partial Partial Partial
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
17 CVE-2010-3369 +Priv 2010-10-20 2010-12-14
6.9
None Local Medium Not required Complete Complete Complete
The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
18 CVE-2009-1573 264 +Priv 2009-05-06 2010-05-27
4.6
None Local Low Not required Partial Partial Partial
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
19 CVE-2007-3912 264 +Priv 2007-09-10 2009-02-05
7.2
Admin Local Low Not required Complete Complete Complete
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
20 CVE-2006-7098 264 +Priv 2007-03-03 2008-11-15
6.6
Admin Local Medium Single system Complete Complete Complete
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
21 CVE-2006-1844 +Priv 2006-04-19 2008-09-05
2.1
None Local Low Not required Partial None None
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
22 CVE-2006-1566 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
23 CVE-2006-1565 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
24 CVE-2006-1564 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
25 CVE-2005-4728 +Priv 2005-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.
26 CVE-2004-2768 264 +Priv 2010-06-08 2010-06-18
7.2
None Local Low Not required Complete Complete Complete
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
27 CVE-2003-0385 Overflow +Priv 2003-07-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.
28 CVE-2003-0382 Overflow +Priv 2003-07-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.
29 CVE-2003-0308 +Priv 2003-05-15 2008-11-11
7.2
Admin Local Low Not required Complete Complete Complete
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
30 CVE-2002-0062 Overflow +Priv 2002-03-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
31 CVE-2001-0279 Overflow +Priv 2001-05-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
32 CVE-2001-0195 +Priv 2001-03-26 2008-09-05
2.1
None Local Low Not required Partial None None
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
33 CVE-2001-0193 +Priv 2001-05-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
34 CVE-2001-0128 +Priv Bypass 2001-03-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
35 CVE-2000-0867 +Priv 2000-11-14 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
36 CVE-2000-0666 +Priv 2000-07-16 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
37 CVE-2000-0607 Overflow +Priv 2000-06-21 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
38 CVE-2000-0606 Overflow +Priv 2000-06-21 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
39 CVE-2000-0229 +Priv 2000-03-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
40 CVE-1999-1390 +Priv 1998-04-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.
41 CVE-1999-1276 +Priv 1998-12-07 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
42 CVE-1999-1182 Overflow +Priv 1997-07-17 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
43 CVE-1999-1048 Overflow +Priv 1998-09-05 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
44 CVE-1999-0742 +Priv 1999-06-22 2008-09-09
5.0
None Remote Low Not required Partial None None
The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
45 CVE-1999-0457 +Priv 1999-01-17 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Linux ftpwatch program allows local users to gain root privileges.
46 CVE-1999-0434 DoS +Priv 1999-03-30 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Total number of vulnerabilities : 46   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.