761 matches found
Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Local Privilege Escalation
source: https://www.securityfocus.com/bid/1061/info A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the...
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/909/info SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileg...
SuSE_overflow_exploit.txt
Greetings, My last post regarding a sccw exploit simply allowed any user to read any file on the system but, of course, didn't yield any instant root. A much more serious problem now exists in the form of a HOME environment variable buffer overflow. If you hadn't removed the s-bit before, now is...
suse6.2pbpg.txt
Brock Tellier [email protected] Sent: Thursday, September 16, 1999 5:06 PM Subject: Two SuSE 6.2 local root exploits Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-...
Linux_suse_exploits.txt
Subject: Two SuSE 6.2 local root exploits To: [email protected] Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-x 1 root root 23544 Jul 22 20:07 /usr/bin/pb...
irixat.txt
Date: Fri, 3 Jul 1998 22:14:14 +0200 From: "J.A. Gutierrez" Subject: more about 'at' I've tried the trick from NetBSD Security Advisory 1998-004 on an IRIX 6.2 host, and it seems it works too. $ at -f /etc/shadow now + 1 minute - shadow is mailed to user: 'at' is: f 23947 91...
IRIX 6.2/6.3 - '/bin/lpstat' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/1529/info Certain versions of IRIX ship with a version of lpstat which is vulnerable to a buffer overflow attack. The program, lpstat, is used to check the status of the printer being used by the IRIX machine. The problem is in the command line parsing...
CVE-1999-1181
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges...
CVE-1999-1409
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail...
SGI IRIX 6.2 - libgl.so Local Buffer Overflow
SGI IRIX 6.2 - libgl.so Local Buffer Overflow / source: https://www.securityfocus.com/bid/1527/info Certain versions of IRIX ship with a version libgl.so which is vulnerable to buffer overflow attacks. This library, libgl.so, is used in conjunction with graphical programs which use OpenGL. As a...
SGI IRIX 6.2 - eject Local Privilege Escalation (1)
SGI IRIX 6.2 - eject Local Privilege Escalation 1 // source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the...
SGI IRIX 6.2 - 'eject' Local Privilege Escalation (2)
// source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the stack, and execute arbitrary code as root. Eject ...
SGI IRIX 6.2 - 'eject' Local Privilege Escalation (1)
// source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the stack, and execute arbitrary code as root. Eject ...
CVE-1999-1232
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program...
SGI IRIX 6.2 - day5notifier Local Privilege Escalation
SGI IRIX 6.2 - day5notifier Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/345/info A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root. day5notifier wisely...
SGI IRIX 6.2 - 'day5notifier' Local Privilege Escalation
!/bin/sh source: https://www.securityfocus.com/bid/345/info A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root. day5notifier wisely replaces a number of system calls with execve calls...
SGI IRIX 6.2 - usrlibnetaddpr Local Privilege Escalation
SGI IRIX 6.2 - usrlibnetaddpr Local Privilege Escalation source: https://www.securityfocus.com/bid/330/info SGI's IRIX 5.x and 6.x operating system include a utility called /usr/lib/netaddpr. This program can be used by privledged users to add network printing devices to the system. A race...
SGI IRIX 6.4 - datmancdman Local Privilege Escalation
SGI IRIX 6.4 - datmancdman Local Privilege Escalation source: https://www.securityfocus.com/bid/347/info A vulnerability exists in the datman/cdman program, as included with Irix 6.2 and 5.3 from Silicon Graphics Inc. The vulnerability would allow arbitrary users to execute commands as root. The...
SGI IRIX 6.2 - SpaceWare
SGI IRIX 6.2 - SpaceWare source: https://www.securityfocus.com/bid/471/info The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing...
SGI IRIX 6.2 - SpaceWare
source: https://www.securityfocus.com/bid/471/info The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing quotes around it, the...