Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright (c) 2003-2004 Marco Ivaldi...
Aspell (word-list-compress) - Command Line Stack Overflow
Aspell word-list-compress - Command Line Stack Overflow / Fuck private exploits . Fuck iranian hacking and security !! teams who are just some fucking kiddies. Fuck all "Security money makers" word-list-compress local exploit - SECU Coded by : c0d3r / root . razavi1366atyahoodotcom...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-0238
Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) loadcfg and (2) savecfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the sendmessage...
CVE-2004-0318
Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSFEAUTHUID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges...
golddig -- local buffer overflow vulnerabilities
Two buffer overflow vulnerabilities were detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution. The...
CVE-2004-0884
CVE-2004-0884 affects the Cyrus-SASL libraries (libsasl and libsasl2) up to version 2.1.18. The vulnerability arises because these libraries trust the SASL_PATH environment variable to locate SASL plug-ins, allowing a local attacker to cause arbitrary code execution by pointing SASL_PATH to malic...
DSA-563-3 cyrus-sasl - unsanitised input
Bulletin has no description...
GLSA-200410-03 : NetKit-telnetd: buffer overflows in telnet and telnetd
The remote host is affected by the vulnerability described in GLSA-200410-03 NetKit-telnetd: buffer overflows in telnet and telnetd A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer...
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
GLSA-200409-18 : cdrtools: Local root vulnerability in cdrecord if set SUID root
The remote host is affected by the vulnerability described in GLSA-200409-18 cdrtools: Local root vulnerability in cdrecord if set SUID root Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By...
cdrecord fails to set proper permissions on programs specified in RSH environment variable
Overview: Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description: Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...
star fails to set proper permissions on programs specified in RSH environment variable
Overview: Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description: Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...
CVE-2004-0806
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...
CVE-2004-1683
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before it is executed by crrtrap...
CVE-2001-0548
CVE-2001-0548 describes a buffer overflow in Solaris 2.6/7’s dtmail MUA triggered by the MAIL environment variable, allowing local users to gain privileges. Affected component: dtmail; impact: local privilege escalation (to the mail group). Underlying cause: insufficient boundary checking of envi...
CVE-2002-1414
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMINTEMPLATEDIR environment variable...
CVE-2003-0088
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information...
CVE-2002-1239
The CVE-2002-1239 issue affects QNX Neutrino RTOS 6.2.0 where a setuid root packager uses external commands without full paths, causing local privilege escalation by manipulating PATH to point to a malicious cp. The underlying problem is unvalidated PATH-based execution of external binaries, enab...
CVE-2004-0089
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable...