

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7 Cabextract Project, Canonical, Debian and 4 more

7 Cabextract, Ubuntu Linux, Debian Linux and 4 more

Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

7 Debian Linux, Linux Kernel, H410c and 4 more

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. An attacker can leverage this by crafting environment variables in such a way that it will induce pkexec to execute arbitrary code. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The highest threat from this vulnerability is to data confidentiality.

7 Canonical, Oracle, Polkit Project and 4 more

32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more

A local privilege escalation vulnerability was found on polkit's pkexec utility. A local user could use this flaw to get read memory access out of bounds. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT.

4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more

A flaw was found in the Linux kernel.
