SGI IRIX <= 6.4 rmail Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed with gid mail...

BRU 15.1/16.0 BRUEXECLOG Environment Variable Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter and create...

MTink 0.9.x Printer Status Monitor Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6656/info mtink is prone to a locally exploitable buffer overflow condition. This is due to insufficient bounds checking of the HOME environment variable. mtink is reportedly installed setgid 'sys' on Mandrake Linux, so i...

Suidperl 5.00503 Mail Shell Escape Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root...

Sudo Perl 1.6.x Environment Variable Handling Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment...

S.u.S.E. Linux 6.2 sscw HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/656/info A buffer overflow vulnerability in sscw's handling of the HOME environment variable allows local users to gain root privileges. !/bin/bash Linux x86 exploit for /usr/bin/sccw on SuSE 6.2 -Brock Tellier...

Firebird 1.0 GDS_Inet_Server Interbase Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7546/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. As Firebird is based on Borland/Inprise Interbase source code, it is very likely that Interbas...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

Libc locale exploit (2)

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has...

Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has...

Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has...

davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit

No description provided by source. davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034...

Appfluent Database IDS < 2.1.0.103 (Env Variable) Local Exploit

No description provided by source...

Caldera OpenLinux 2.2 ,Debian 2.1/2.2,RedHat <= 6.0 Vixie Cron MAILTO Sendmail Vulnerability

No description provided by source. Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux = 6.0 Vixie Cron MAILTO Sendmail Vulnerability source: http://www.securityfocus.com/bid/611/info Failure by the vixie cron daemon from validating the contents of a user supplied environment variable allow ...

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

OpenSSL and Breaking UTF-8 Change fixed in Node v0.8.27 and v0.10.29 Today we are releasing new versions of Node: node-v0.8.27 node-v0.10.29 First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we've upgraded the version of the bundled...

openSUSE Security Update : openssl (openSUSE-SU-2013:1630-1)

This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases. CRIME attack CVE-2012-4929. This update introduces a environment variable OPENSSLNODEFAULTZLIB which can be set to 'no' to reenable compressi...

CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...

CVE-2011-3628

Untrusted search path vulnerability in pammotd aka the MOTD module in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

DEBIAN-CVE-2011-3628

Untrusted search path vulnerability in pammotd aka the MOTD module in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...