2624 matches found
PT-2001-1319 · Gtk · Gtk+ Library
Name of the Vulnerable Software and Affected Versions: GTK+ library affected versions not specified Description: The issue allows local users to specify arbitrary modules via the GTK MODULES environmental variable. This could potentially allow local users to gain privileges if GTK+ is used by a...
SCO OpenServer 5.0.5 - Env Local Stack Overflow
SCO OpenServer 5.0.5 - Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: SCO OpenServer mscreen ...
GTK+ 1.2.8 - Arbitrary Loadable Module Execution
// source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the ability to load modules with the...
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...
GLIBC (via /bin/su) Local Root Exploit
Exploit for linux platform in category local exploits ====================================== GLIBC via /bin/su Local Root Exploit ====================================== / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of...
RedHat 0.4 b15 restore - Insecure Environment Variables
RedHat 0.4 b15 restore - Insecure Environment Variables source: https://www.securityfocus.com/bid/1914/info restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions. The problem...
RedHat 0.4 b15 restore - Insecure Environment Variables
source: https://www.securityfocus.com/bid/1914/info restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions. The problem occurs in the RSH environment variable. restore is...
XFree86 3.3.5/3.3.6 - Xlib Display Buffer Overflow
source: https://www.securityfocus.com/bid/1805/info A vulnerability exists in xlib, the C language interface to the X Window System protocol. When applications linked to the xlib library are run, user-supplied values for the DISPLAY environment variable and the command-line argument -display are...
Серьезная уязвимость многих Unix через locale в glibc
Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...
OpenBSD 2.x - fstat Format String
OpenBSD 2.x - fstat Format String // source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. A...
Дырка в catopen (libc)
В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...
telnet and rlogin URLs disclose sensitive information, including Environment variables
Overview Some telnet clients may disclose sensitive information in environment variables Description Web browsers can be configured to respond to certian protocol types through the use of a helper application. In this case, web browsers can respond to telnet: URLs with the use of a helper...
tco.txt
Synnergy Laboratories Advisory SLA-2000-14 NAME BSD/Linux telnet client overflow AFFECTED Linux Debian Redhat Mandrake Slackware possibly others BSD FreeBSD possible others SYNOPSIS Synnergy Labs has found a bug in the telnet client that causes a stack overflow by filling the DISPLAY environment...
Libc locale - Local Privilege Escalation (2)
Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
CVE-2000-0331
CVE-2000-0331 affects Microsoft CMD.EXE on Windows NT and Windows 2000. The vulnerability is a buffer overflow caused by a long environment variable, enabling a local user to cause a denial of service. The available documents provide the root cause and impact but do not specify a remediation or p...
CVE-2000-0331
Buffer overflow in Microsoft command processor CMD.EXE for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability...
IRIX 5.25.36.x - TelnetD Environment Variable Format String
IRIX 5.25.36.x - TelnetD Environment Variable Format String // source: https://www.securityfocus.com/bid/1572/info A vulnerability exists in the telnet daemon shipped with Irix versions 6.2 through 6.5.8, and in patched versions of the telnet daemon in Irix 5.2 through 6.1, from Silicon Graphics...
Дырка в BRU Backup
имя лог-файла определяется переменной среды окружения $ BRUEXECLOG=/etc/passwd, что позволяет переписать любой файл в системе, т.к. приложение suid root...
BRU Vulnerability
BRU backup software Vulnerability: Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system. Exploitation: $ BRUEXECLOG=/etc/passwd $ export BRUEXECLOG $ bru -V ' comsec::0:0::/:/bin/sh ' $...
BRU 15.116.0 - BRUEXECLOG Environment Variable
BRU 15.116.0 - BRUEXECLOG Environment Variable source: https://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter...