HP Tru64 Alpha OSF1 5.1 - ps Information Leak

HP Tru64 Alpha OSF1 5.1 - ps Information Leak !/bin/ksh osf1tru64ps.ksh exploit Tested on OSF1 V5.1 1885 alpha ps executable - information leak Author: Andrea "bunker" Purificato http://rawlab.mindcreations.com the "ps" command also /usr/ucb/ps on HP OSF1 v5.1 Alpha, developed without an eye to...

HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak

!/bin/ksh osf1tru64ps.ksh exploit Tested on OSF1 V5.1 1885 alpha ps executable - information leak Author: Andrea "bunker" Purificato http://rawlab.mindcreations.com the "ps" command also /usr/ucb/ps on HP OSF1 v5.1 Alpha, developed without an eye to security, allows unprivileged users to see valu...

OSF/1 ps information leak

ps show environment variables for all processes...

MBSE BBS for Unix buffer overflow

Buffer overflows in multiple suid utilities on environment variables parsing...

Mandrake Linux Security Advisory : sudo (MDKSA-2006:159)

Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made...

Multiple Sun Solaris vulnerabilities

Buffer overflow in ld.so doprf, directory traversal on parsing different environment variables in ld.so...

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...

CVE-2006-6164

The CVE-2006-6164 entry concerns OpenBSD 3.9 and 4.0 where the _dl_unsetenv function in loader.c of the ELF ld.so fails to remove duplicate environment variables. This could allow local users to pass dangerous variables (e.g., LD_PRELOAD) to loading processes, potentially enabling privilege escal...

CVE-2006-6164

The dlunsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LDPRELOAD to loading processes, which might be leveraged to gain privileges...

CVE-2006-6165

CVE-2006-6165 concerns ld.so in FreeBSD and NetBSD (and possibly other BSDs) that does not remove certain harmful environment variables before loading processes, enabling local privilege escalation by manipulating environment variables. The impact is described as local confidentiality, integrity,...

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...

PT-2006-6799 · Freebsd · Ld.So

Name of the Vulnerable Software and Affected Versions: ld.so in FreeBSD, NetBSD, and possibly other BSD distributions affected versions not specified Description: The issue allows local users to gain privileges by passing certain environment variables to loading processes, as ld.so does not remov...

OpenBSD 3.94.0 - ld.so Local Environment Variable Clearing

OpenBSD 3.94.0 - ld.so Local Environment Variable Clearing / source: https://www.securityfocus.com/bid/21188/info OpenBSD is prone to a local vulnerability that may allow attackers to pass malicious environment variables to applications, bypassing expected security restrictions. Attackers may be...

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)

source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this issue allows an attacker to gain superuser privileges, completely compromising the...

Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities

The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description : Several local and remote vulnerabilities have been discovered in t...

Debian DSA-946-2 : sudo - missing input sanitising

The former correction to vulnerabilities in the sudo package worked fine but were too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into the privileged execution environment. Hence, this update. The configuration optio...

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...

Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit

Exploit for solaris platform in category local exploits =============================================================== Solaris 10 libnspr Arbitrary File Creation Local Root Exploit =============================================================== !/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:...

CVE-2006-4842

The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...