CVE-2002-0143

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2002-0043

This CVE affects sudo versions 1.6.0–1.6.3p7. The issue is that sudo does not properly clear the environment before calling the mail program, allowing a local user to gain root privileges by manipulating environment variables and how the mail program is invoked. Documented impact is local privile...

Another flaw in Apache?

Hello. While playing with the SetEnv directive with Apache, I noticed that httpd processes are dying with a signal 11 if the data stored in an environment variable was too long. I simply triggered the bug by creating a .htaccess file so a regular user can do it with : SetEnv DATELOCALE "..." The...

QNX RTOS 6.1 - usrphotonbinphlocale Environment Variable Buffer Overflow

QNX RTOS 6.1 - usrphotonbinphlocale Environment Variable Buffer Overflow / source: https://www.securityfocus.com/bid/4917/info The QNX phlocale utility is prone to an exploitable buffer overflow condition. This is due to insufficient bounds checking of the ABLANG environment variable. Exploitatio...

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow 2 source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string...

IRIX rpc/HOSTALIASES vulnerability

Malformed RPC packet can result DoS against system. Priveleged application can be overflowed by HOSTALIASES environment variable resulting to local privelege elevation...

CVE-2002-0143

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2002-0132

Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2001-1178

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable...

CVE-2001-1091

The CVE-2001-1091 entry concerns NetBSD 1.4.x–1.5.1 where the dump and dump_lfs commands do not drop privileges properly, allowing local users to gain privileges via the RCMD_CMD environment variable. This is the stated root cause and impact. The available documents do not provide remediation det...

CVE-2001-1148

Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to 1 atcronsh, 2 auditsh, 3 authsh, 4 backupsh, 5 lpsh, 6 sysadm.menu, or 7 termsh...

CVE-2002-0125

Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as 1 Super Methane Brothers, 2 Star War, 3 Kwirk, 4 Clankanoid, and others, via a long HOME environment variable...

CVE-2001-1129

The CVE-2001-1129 entry covers multiple components of Progress database 9.1C (probuild, dbutil, mprosrv, mprshut, proapsv, progres, proutil, rfutil, and prolib). The vulnerability is a local format-string flaw in the PROMSGS environment file that allows a local user to execute arbitrary code. The...

CVE-2001-0739

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges...

CVE-2001-0833

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLEHOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."...

CVE-1999-1385

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable...

CVE-2002-1601

The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page...

Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String

// source: https://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string vulnerability in the locale subsystem could lead to a user gaining elevated...

CVE-2001-1041

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace .trc file that is created in an alternate home directory identified by the ORACLEHOME environment variable...

Переполнение буфера в ddd (buffer overflow)

Переполнение буфера при разборе переменной окружения HOME...