ld.so bug - LD_DEBUG_OUTPUT follows symlinks

Hi, ld.so from glibc2 doesn't unset variables LDDEBUGOUTPUT and LDDEBUG when running suid. If program calls setuid0 and then fork, child process will follow prepared symlink $LDDEBUGOUTPUT.$pid and overwrites any file in system. Jakub Vlasek...

CVE-2000-0724

The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files...

CVE-2000-0724

CVE-2000-0724 involves the go-gnome Helix GNOME pre-installer. The vulnerability arises from a symlink attack in /tmp that lets local users overwrite arbitrary files, including uudecode, snarf, and some installer files. The described impact is complete confidentiality, integrity, and availability...

Дырка в keydebugd в True64 Unix

ПРотокол позволяет перезаписать любой файл неавторизованным пользователем с привилегией root...

MDKSA-2000:041 - xpdf update

Linux-Mandrake Security Update Advisory Package name: xpdf Date: August 29th, 2000 Advisory ID: MDKSA-2000:041 Affected versions: 6.0, 6.1, 7.0, 7.1 Problem Description: There is a potential race condation when using tmpnam and fopen in xpdf versions prior to 0.91. This exploit can be only used a...

CVE-2000-0614

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output...

CVE-2000-0614

The CVE-2000-0614 entry concerns the TNEF program on Linux systems, where remote attackers can overwrite arbitrary files by sending TNEF-encoded compressed attachments that specify absolute paths for decompressed output. The NVD metrics indicate high severity with network attack vector, no authen...

Multiple bugs in Alibaba 2.0

Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: [email protected] Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It...

alibaba.txt

Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: Prizm Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It supports cgi among many...

CVE-2000-0387

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files...

CVE-2000-0409

CVE-2000-0409 affects Netscape 4.73 and earlier. When importing a new certificate, Netscape follows symlinks, allowing a local user to overwrite files owned by the user importing the certificate. The available documents state the issue and the affected behavior but do not specify exact vulnerable...

CVE-2000-0387

CVE-2000-0387 affects the FreeBSD ports golddig makelev program, where local users can overwrite arbitrary files. The vulnerability is a local issue with partial integrity impact and a low base score (2.1). The available documents do not provide exploitation details, affected versions beyond the ...

Дырка в Apache::ASP

Один из файлов с примерами ./site/eg/source.asp позволяет перезаписать файл в локальной директории...

CVE-2000-0614

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output...

IRIX WorkShop cvconnect(1M) Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Silicon Graphics Inc. Security Advisory Title: IRIX WorkShop cvconnect1M Vulnerability Number: 20000601-01-P Date: June 20, 2000 Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and...

Дырка в IRIX Workshop

Утилита cvconnect позволяет переписать любой файл в системе...

HP Security vulnerability in the man command

Systems Affected: HPUX 10.20 and 11.00 and probably other revs. Short Description: The 'man' command potentially allows attackers to overwrite any arbitrary file on the system via symlink bugs. I notified HP on 5-8-2000 and I've been told that a patch is forthcoming soon. No HP advisory has come...

CVE-2000-0468

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack...

HP-UX 10.20/11.0 - man '/tmp' Symlink

source: https://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the system when root runs the 'man' comman...

HP-UX 10.2011.0 - man tmp Symlink

HP-UX 10.2011.0 - man tmp Symlink source: https://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the syst...