CVE-2002-2017

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd...

CVE-2002-2018

CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.

FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...

FreeBSD : golddig -- local buffer overflow vulnerabilities (949c470e-528f-11d9-ac20-00065be4b5b6)

Two buffer overflow vulnerabilities where detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution The...

CVE-2005-2072

The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...

CVE-2002-1687

Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable...

Low: Red Hat Security Advisory: glibc security update

Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by applications. It was discovered that the use of LDDEBUG...

CVE-2005-1336

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable...

CVE-2005-1336

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable...

CVE-2005-1394

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to 1 wservice or 2 lockmgr...

CVE-2005-1395

CVE-2005-1395 affects Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier. The vulnerability is a buffer overflow that can allow local users to gain privileges when a long environment variable (XAPPLRESLANGPATH or XAPPLRESDIR) is set or via a long command line argument. The Red Hat and NVD entries confirm...

CVE-2005-1394

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to 1 wservice or 2 lockmgr...

CVE-2005-1019

Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable...

CVE-2005-0497

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory...

CVE-2005-1395

Buffer overflow in Ce/Ceterm aka ARPUS/Ce 2.5.4 and earlier may allow local users to gain privileges via a long 1 XAPPLRESLANGPATH or 2 XAPPLRESDIR environment variable, or 3 command line argument...

PT-2005-2391 · Esri · Esri Arcinfo Workstation

Name of the Vulnerable Software and Affected Versions: ESRI ArcInfo Workstation version 9.0 Description: The issue allows local users to gain privileges via format string specifiers in the ARCHOME environment variable, affecting components such as wservice or lockmgr. Recommendations: For ESRI...

ARPUSCe - Local Overflow (setuid) (Perl)

ARPUSCe - Local Overflow setuid Perl !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright Kevin Finisterre kfinisterre@threat:/tmp$ ./ceex.pl sh-2.05b id uid=0root gid=1000kfinisterre groups=20dialout,24cdrom,25floppy,29audio,44video,1000kfinisterre...

CVE-2001-1457

Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTPUSERAGENT CGI environment variable...

CVE-2003-0061

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable...

portupgrade -- insecure temporary file handling vulnerability

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...