4759 matches found
CVE-2003-0620
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) ...
VMware privilege escalation
By manipulating environment variables it's possible to start an application with root privileges, then during virtual machine startup...
Top 1.x/2.0 - 'HOME Environment' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8239/info A buffer overflow condition has been reported in top when handling environment variables of excessive length. This may result in an attacker potentially executing arbitrary code. /* UHAGr CONFIDENTIAL SOURCE - DO NOT DISTRIBUTE Local...
XPCD 2.0.8 - HOME Environment Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8370/info A problem in the handling of long strings in environment variables by xpcd may result in a buffer overflow condition. This may allow an attacker to gain unauthorized access to system...
Login Vulnerabilities on IRIX
SGI Security Advisory. Title: Login Vulnerabilities. Number: 20030702-01-P. Date: July 16, 2003. Reference: CVE CAN-2003-0574. Reference: SGI BUGS 850587 889119. Fixed in: IRIX 6.5.21 or patch 5182. SGI provides this information freely to the SGI user community for...
XPCD 2.0.8 - 'HOME Environment' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8370/info A problem in the handling of long strings in environment variables by xpcd may result in a buffer overflow condition. This may allow an attacker to gain unauthorized access to system resources. /* xpcd 2.0.8 latest exploit written by r-code...
TerminatorX buffer overflows
Buffer overflow during environment variable parsing...
Sambar Server Multiple CGI Environment Variable Disclosure
The remote web server appears to be Sambar Server and makes available the 'environ.pl' and/or 'testcgi.exe' CGI scripts. These are included by default and reveal the server's installation directory along with other information that could prove useful to an attacker. Note that this version is also...
CVE-2003-0452
The CVE-2003-0452 issue affects the Operator Shell (OSH) up to version 1.7-11. A buffer overflow in OSH can be triggered by long environment variables or lengthy file redirections, enabling a local attacker to execute arbitrary code and bypass the shell’s restrictions. Public sources (including D...
GNU GNATS 3.113 - Environment Variable Buffer Overflow
// source: https://www.securityfocus.com/bid/8005/info It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. An attacker can exploit this vulnerability by setting an overly long environment variable and invoking one of several GNATS...
DSA-329 osh - buffer overflows
Bulletin has no description...
Buffer overflow in eterm
Buffer overflow during environment variable parsing...
MediaMail buffer overflow
Buffer overflow during environment variable parsing...
Platform Load Sharing Facility 4/5 - LSF_ENVDIR Local Command Execution
source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated...
Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution
source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. LSF 5.1 'lsadmin' local root exploit...
GLIBC locale - Format Strings
/* su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 */ ...
Solaris 2.x/7.0/8 - Derived 'login' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions of 'login' descended from System ...
multiple buffer overflows in xboing
Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...
CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2...
CVE-2002-2002
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables...