CVE-2005-1019

CVE-2005-1019 affects Aeon 0.2a and earlier, where a buffer overflow in the getConfig function lets local users gain privileges via a long HOME environment variable. The CVSSv2 base score is 7.2 (HIGH) with Local attack vector and no authentication required; confidentiality, integrity, and availa...

CVE-2005-1019

Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable...

CVE-2005-0351

Buffer overflow in 1 termsh, 2 atcronsh, and 3 auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-0351

Buffer overflow in 1 termsh, 2 atcronsh, and 3 auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable...

CVE-2002-1604

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to 1 csh, 2 dtsession, 3 dxsysinfo, 4 imapd, 5 inc, 6 uucp, 7 uux, 8 rdist, or 9 deliver...

CVE-2002-1605

Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long XKBCHARSET environment variable to 1 dxpause, 2 dxconsole, or 3 dtsession...

Apple MacOS X environment variable buffer overflow

Buffer overflow on oversized CFCHARSETPATH variable...

CVE-2005-0716

Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CFCHARSETPATH environment variable...

CVE-2004-0428

Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact...

CVE-2004-0428

CVE-2004-0428 affects CoreFoundation on Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, tied to the handling of an environment variable. Attack vectors and impact are unknown in the provided documents; no remediation details are present in the supplied sources.

CVE-2004-1033

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...

uim: Privilege escalation vulnerability

Background uim is a simple, secure and flexible input method library. Description Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled ...

[SA13981] uim Environment Variable Trust Privilege Escalation

TITLE: uim Environment Variable Trust Privilege Escalation SECUNIA ADVISORY ID: SA13981 VERIFY ADVISORY: http://secunia.com/advisories/13981/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: uim 0.x http://secunia.com/product/4680/ DESCRIPTION: Takumi Asaki has...

CVE-2005-0497

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory...

GLSA-200502-13 : Perl: Vulnerabilities in perl-suid wrapper

The remote host is affected by the vulnerability described in GLSA-200502-13 Perl: Vulnerabilities in perl-suid wrapper perl-suid scripts honor the PERLIODEBUG environment variable and write to that file with elevated privileges CAN-2005-0155. Furthermore, calling a perl-suid script with a very...

GNU a2ps - Anything to PostScript Not SUID Local Overflow

/ Not added to Local Non Poc section /str0ke / include include include // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa - strlensc - strlenVULNTHING define xnullbitch 1100 //im not a asm...

xpcd PhotoCD viewer buffer overflow

Buffer overflow in xpcd-svga on oversized HOME environment variable...

Important: Red Hat Security Advisory: perl security update

Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Pe...

Exim <= 4.42 Local Root Exploit

No description provided by source. !/bin/sh Local Lame R00T sploit for exim = 4.42 by Dark Eagle My First Coding Release In bash Unl0ck Research Team More Effective than C-code. @env.c content: include stdio.h include string.h int mainint argc, char argv char addrptr; addrptr = getenvargv1;...

Exim 4.42 - Local Privilege Escalation

Exim 4.42 - Local Privilege Escalation !/bin/sh Local Lame R00T sploit for exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...