CVE-2011-2910

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

View Full Alert

Related Posts

  • CVE-2011-5328

    The user-access-manager plugin before 1.2 for WordPress has CSRF. View Full Alert

  • CVE-2011-1408

    ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. View Full Alert

  • CVE-2011-5329

    The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. View Full Alert