Gnu

Hurd

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2021-43411

Exploit
  • EPSS 0.44%
  • Published 07.11.2021 18:15:07
  • Last modified 21.11.2024 06:29:11

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process p...

7.8

CVE-2021-43412

Exploit
  • EPSS 0.04%
  • Published 07.11.2021 18:15:07
  • Last modified 21.11.2024 06:29:11

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

9

CVE-2021-43413

Exploit
  • EPSS 1.03%
  • Published 07.11.2021 18:15:07
  • Last modified 21.11.2024 06:29:11

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.

7

CVE-2021-43414

Exploit
  • EPSS 0.03%
  • Published 07.11.2021 18:15:07
  • Last modified 21.11.2024 06:29:11

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.