4767 matches found
CVE-2009-0641
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...
CVE-2009-0641
CVE-2009-0641 affects FreeBSD telnetd (sys_term.c) in 7.0-RELEASE and other 7.x releases. The vulnerability stems from environment-variable handling: dangerous variables were scrubbed using a method valid only in older FreeBSD distributions, enabling remote attackers to execute arbitrary code...
FreeBSD Security Advisory (FreeBSD-SA-09:05.telnetd.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:05.telnetd.asc ADV FreeBSD-SA-09:05.telnetd.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:05.telnetd.asc Authors: Thomas Reinke Copyright: Copyright (c) 200...
FreeBSD Security Advisory (FreeBSD-SA-09:05.telnetd.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:05.telnetd.asc SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation FreeBSD 7.0-RELEASE telnet daemon local privilege escalation - And possible remote root code execution. There is a rather big bug in the current FreeBSD telnetd daemon. The environment is not properly sanitized when executing /bin/login, wha...
FreeBSD 7.0-RELEASE Telnet Daemon Local Privilege Escalation Exploit
Exploit for freebsd platform in category local exploits ==================================================================== FreeBSD 7.0-RELEASE Telnet Daemon Local Privilege Escalation Exploit ==================================================================== FreeBSD 7.0-RELEASE telnet daemon...
FreeBSD-SA-09:05.telnetd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:05.telnetd Security Advisory The FreeBSD Project Topic: telnetd code execution vulnerability Category: core Module: contrib Announced: 2009-02-16 Affects:...
FreeBSD telnetd Privilege Escalation
FreeBSD 7.0-RELEASE telnet daemon local privilege escalation - And possible remote root code execution. There is a rather big bug in the current FreeBSD telnetd daemon. The environment is not properly sanitized when executing /bin/login, which leads to a possible remote root hole. The telnet protoc...
Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...
Sudo <= 1.6.9p18 (Defaults setenv) Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits ===================================================================== Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0;...
Sudo 1.6.9p18 - 'Defaults SetEnv' Local Privilege Escalation
!/bin/sh Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0; execl"/bin/sh","sh","-c","chown 0:0 /tmp/xxxx; /bin/chmod +xs /tmp/xxxx",NULL; EOF cat xxxx.c EOF int mainvoid setgid0; setuid0; //...
WordNet: Execution of arbitrary code
Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...
Gentoo Security Advisory GLSA 200711-12 (tomboy)
The remote host is missing updates announced in advisory GLSA 200711-12. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200711-12 (tomboy)
The remote host is missing updates announced in advisory GLSA 200711-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200801-14 (blam)
The remote host is missing updates announced in advisory GLSA 200801-14. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Provide the right to use a skills-vulnerability warning-the black bar safety net
Author: xi4oyu A Linux mention of the right to use the tips, release to full when looking for a job to save RP. OK, under normal circumstances, we in the implementation of the bash script, there is an implementation process in which there is a little more important: if BASH_ENV is set, it will...
CVE-2008-3908
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...
AZL-7423 CVE-2008-3908 affecting package wordnet for versions less than 3.0-38
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...
AZL-37061 CVE-2008-3908 affecting package wordnet for versions less than 3.0-43
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...