Gentoo Linux Security Advisory 201412-9 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
4995f714768dc9489827ec4c465280ca801c6e87a06c8c8703f318a02caf11a8Red Hat Security Advisory 2011-1580-03 - The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.
76b9d260e2212ac0676410bf96ddadbac1b1f6a01a5448c80f8bb5634a12d824Gentoo Linux Security Advisory 201110-18 - A vulnerability was found in rgmanager, allowing for privilege escalation. Versions less than 2.03.09-r1 are affected.
2b9282a2f21071ee4f1fbf1d9a00c12c3cb262738f0ce4989a36710458b80eaaRed Hat Security Advisory 2011-1000-01 - The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.
54961af781e0329d4149b81c9a00aa11c631bdf351abe258b2c9a67eb871e754
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed