CVE-2016-9151

Source: bugschromiumorg/p/project-zero/issues/detail?id=913 This was fixed by PAN: securityadvisoriespaloaltonetworkscom/Home/Detail/67 The root_reboot utility is setuid root, but performs multiple calls to system() with attacker controlled data, such as this one: text:0804870F C7 44 24 04 78+ mov dword ptr ...

Source: bugschromiumorg/p/project-zero/issues/detail?id=912 The setuid root executable /usr/local/bin/root_trace essentially just does setuid(0) then system("/usr/local/bin/masterd"), which is a python script: $ ls -l /usr/local/bin/root_trace -rwsr-xr-x 1 root root 12376 Oct 17 2014 /usr/local/bin/root_trace As the environment is no ...