CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5195 362 +Priv 2016-11-10 2017-11-09
7.2
None Local Low Not required Complete Complete Complete
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
2 CVE-2015-3636 DoS +Priv 2015-08-05 2016-12-23
4.9
None Local Low Not required None None Complete
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
3 CVE-2014-8159 264 DoS +Priv 2015-03-16 2017-01-02
6.9
None Local Medium Not required Complete Complete Complete
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
4 CVE-2014-3632 264 +Priv 2014-10-07 2014-10-08
7.6
None Remote High Not required Complete Complete Complete
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
5 CVE-2014-3153 264 1 +Priv 2014-06-07 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
6 CVE-2013-6368 20 DoS +Priv 2013-12-14 2014-03-26
6.2
None Local High Not required Complete Complete Complete
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
7 CVE-2013-4482 +Priv 2013-11-23 2013-11-27
6.2
None Local High Not required Complete Complete Complete
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
8 CVE-2013-4342 264 +Priv 2013-10-09 2017-06-30
7.6
None Remote High Not required Complete Complete Complete
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
9 CVE-2013-4288 362 +Priv Bypass 2013-10-03 2013-12-08
7.2
None Local Low Not required Complete Complete Complete
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
10 CVE-2013-2231 399 +Priv 2013-10-01 2013-10-07
7.2
None Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.
11 CVE-2013-2224 DoS +Priv 2013-07-04 2014-02-06
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.
12 CVE-2013-1943 20 +Priv +Info 2013-07-16 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
13 CVE-2013-1773 119 1 DoS Overflow +Priv 2013-02-28 2016-12-07
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
14 CVE-2012-5536 20 +Priv +Info 2013-02-21 2013-02-22
6.2
None Local High Not required Complete Complete Complete
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
15 CVE-2012-3359 255 +Priv 2014-03-31 2014-03-31
3.7
None Local High Not required Partial Partial Partial
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
16 CVE-2011-1011 264 DoS +Priv 2011-02-24 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
17 CVE-2011-0536 +Priv 2011-04-08 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
18 CVE-2010-0729 264 +Priv 2010-03-16 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
19 CVE-2008-3825 264 +Priv 2008-10-03 2017-09-28
4.4
User Local Medium Not required Partial Partial Partial
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.
20 CVE-2008-1951 264 +Priv 2008-06-25 2017-09-28
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.
21 CVE-2007-5964 16 +Priv 2007-12-13 2017-09-28
6.9
Admin Local Medium Not required Complete Complete Complete
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
22 CVE-2007-1716 +Priv 2007-03-27 2017-10-10
3.4
User Local High Multiple systems Partial Partial Partial
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
23 CVE-2006-5753 DoS +Priv 2007-01-30 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
24 CVE-2005-3629 +Priv 2005-12-31 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.
25 CVE-2005-1760 +Priv 2005-06-13 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
26 CVE-2005-0750 +Priv 2005-03-27 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
27 CVE-2005-0091 +Priv 2005-05-02 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.
28 CVE-2004-1068 +Priv 2005-01-10 2017-10-10
6.2
Admin Local High Not required Complete Complete Complete
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
29 CVE-2004-0495 +Priv 2004-08-06 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.