similar to: Local Privilege Escalation

Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8

Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8

Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination

Package: xen-3 Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the header to identify

https://news.ycombinator.com/item?id=13670458 I'm restarting Phab with lots more cores / memory. Hopefully back up and fast soon. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20170217/9adc4d4a/attachment.html>

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from

Hi, I found an advisory (http://www.intel.com/support/network/sb/CS-023726.htm) from intel for their LAN driver for the eepro100 and gigabit network cards. Is the FreeBSD em driver in any way affected by this problem? Looks like it is at least derived from the intel driver. greetings, philipp wuensche

On 10 May 2011 16:10, "Jamie Landeg Jones" <jamie@bishopston.net> wrote: > > > It used to confuzzle sysadmins on SUNos when the mount point was > > 0700. The underlying mode disapeared when the mount was made, but it > > was still being enforced. Suddenly no one but root could use say /usr > > even though it was apparently 0755 > > I remember that

Do we know if this bug affects Centos? http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge The article states that it affects kernel 2.6.39 and above, but since RH backports so much stuff I'm not sure if this would actually include the Centos kernels. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf

Package: xen-unstable Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the

Hello, we are using 3.4.3 from Gitco.de on 64bit Centos 5.8 and we have PV guests 64bit. According to described security bug we are in danger. What do you suggest? Wait for gitco update or build xen own with patch? Br Peter

hey.. I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation. How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users? Thanks much, Ed -- This message posted from

xen-4.4.2-2, available from the virt6-testing repository, includes the fix for this issue. Note that Xen actually does attempt to disable the floppy disk for HVM domains by default, but due to a bug in qemu, the floppy disk only partially disabled; enough functionality to exploit this bug remains. This should be available from the normal xen4 repositories sometime this afternoon. -George

Hello! I was advised by the forum moderator to ask for contribution: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=20223&forum=38&post_id=76546#forumpost76546 My wiki login is VladislavRastrusny I would like to contribute for Tips & Tricks section with a small automated script to install webmin repository data and webmin itself from here:

Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use "hide unreadable = yes" to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the

I got a WD 1TB My Book with eSATA/USB/Firewire400 connectivity to backup data on a client Centos 5.1 machine. USB 2.0 works fine out of the box but is rather slow, Nautilus predicts about 1+ hour to fully backup just one day's worth of data or about 100GB. So I was hoping Firewire would be faster, which is why we got the version with all 3 interfaces to experiment with first. Following the

Ralph, Will you please check posts #17, 18 & 19 of this forum thread -- http://www.centos.org/modules/newbb/viewtopic.php?topic_id=19968&start=0#forumpost76277 When you have a moment, I'm sure you will reply to it. :-) Alan.