漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Flaw in Linuxulator execution of setugid binaries
Vulnerability Description
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.
CVSS Information
N/A
Vulnerability Type
特权授予不正确
Vulnerability Title
FreeBSD 权限许可和访问控制问题漏洞
Vulnerability Description
FreeBSD是FreeBSD基金会开源的一套类Unix操作系统。 FreeBSD存在权限许可和访问控制问题漏洞,该漏洞源于在execve(2)系统调用中,辅助向量构建时P_SUGID进程标志尚未设置,导致AT_SECURE错误地为set-user-ID和set-group-ID可执行文件设置为零,从而允许非特权本地用户通过LD_PRELOAD向这些可执行文件注入共享库,获取该二进制文件的权限。
CVSS Information
N/A
Vulnerability Type
N/A