GLSA-200408-24 : Linux Kernel: Multiple information leaks

The remote host is affected by the vulnerability described in GLSA-200408-24 Linux Kernel: Multiple information leaks The Linux kernel allows a local attacker to obtain sensitive kernel information by gaining access to kernel memory via several leaks in the /proc interfaces. These vulnerabilities...

Linux Kernel: Multiple information leaks

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

Mandrake Linux Security Advisory : webmin (MDKSA-2001:059)

Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

FreeBSD : lbreakout2 vulnerability in environment variable handling (87)

The following package needs to be updated: lbreakout2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgad4f6ca4672011d89fb5000a95bc6fae.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

CVE-2004-0428

Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact...

CVE-2003-1033

The 1 instdbmsrv and 2 instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious...

CVE-2004-0158

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to 1 editor.c, 2 theme.c, 3 manager.c, 4 config.c, 5 game.c, 6 levels.c, or 7 main.c...

CVE-2004-0158

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to 1 editor.c, 2 theme.c, 3 manager.c, 4 config.c, 5 game.c, 6 levels.c, or 7 main.c...

CVE-2004-0158

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to 1 editor.c, 2 theme.c, 3 manager.c, 4 config.c, 5 game.c, 6 levels.c, or 7 main.c...

DEBIAN-CVE-2004-0103

crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow...

CVE-2004-0103

crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow...

LGames LBreakout2 2.2.2 - Multiple Environment Variable Buffer Overflow Vulnerabilities

LGames LBreakout2 2.2.2 - Multiple Environment Variable Buffer Overflow Vulnerabilities / source: https://www.securityfocus.com/bid/9712/info Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to an insufficient boundary checking of...

LGames LBreakout2 2.2.2 - Multiple Environment Variable Buffer Overflow Vulnerabilities

/ source: https://www.securityfocus.com/bid/9712/info Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to an insufficient boundary checking of certain environment variables used by the affected application. A malicious user may...

CVE-2004-0074

Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via 1 a long LANG environment variable, or 2 a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949...

CVE-2004-0103

crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow...

DEBIAN-CVE-2004-2093

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service crash and possibly execute arbitrary code via a long RSYNCPROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...

CVE-2004-2131

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server IDS 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable...

CVE-2004-0074

Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via 1 a long LANG environment variable, or 2 a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949...

CVE-2003-1446

Buffer overflow in the saveintofile function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a tilde...