4892 matches found
SCO OpenServer Unix multiple shells buffer overflow
termsh, atcronsh, auditsh buffer overflow during environment variables parsing...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
DEBIAN-CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
GLSA-200502-31 : uim: Privilege escalation vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-31 uim: Privilege escalation vulnerability Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
DEBIAN-CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
uim -- privilege escalation vulnerability
The uim developers reports: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+...
GNU a2ps ""Anything to PostScript"" Local Exploit (not suid)
No description provided by source. / Not added to Local Non Poc section /str0ke / include stdio.h include stdlib.h include errno.h // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa -...
CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed...
CVE-2004-1058
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...
CVE-2004-1058
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...
Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit
Exploit for solaris platform in category local exploits ========================================================= Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit ========================================================= / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $...
CVE-2004-1058
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...
CVE-2004-1058
CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...
DSA-596-2 sudo - missing input sanitising
Bulletin has no description...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
USN-28-1: sudo vulnerability
Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "". For each of these variables a function with the same name is created, with the function body filled in from the environment...