
7481 matches found

Cvelist
added 2001/09/12 4:0 a.m. | 21 views

CVE-1999-1477

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack...

6.8 AI score | 0.01082 EPSS
Exploits 1 | References 3
CVE
added 2001/09/12 4:0 a.m. | 46 views

CVE-1999-1477

CVE-1999-1477: Buffer overflow in GNOME libraries 1.0.8 permits a local user to gain root access via a long --espeaker argument, observed in programs such as nethack. The available documents confirm the affected component is GNOME libraries (version 1.0.8) and the attack requires local access; ro...

7.2 CVSS | 7.2 AI score | 0.01082 EPSS
Exploits 1 | References 3 | Affected Software 1
CERT
added 2001/08/21 12:0 a.m. | 29 views

Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory

Overview: Aladdin Ghostscript, a previewer for PostScript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory. Description: Aladdin Ghostscript is a previewer for PostScript files. In...

4.6 CVSS | 7.1 AI score | 0.00405 EPSS
Exploits 0 | References 8
CERT
added 2001/05/17 12:0 a.m. | 52 views

ld.so fails to unset LD_PRELOAD before executing suid root programs

Overview: ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description: ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LD_PRELOAD before loading suid root programs for...

7.2 CVSS | 6.9 AI score | 0.01232 EPSS
Exploits 1 | References 1
CERT
added 2001/05/14 12:0 a.m. | 28 views

glibc does not check SUID bit on libraries in /etc/ld.so.cache

Overview: The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description: The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable,...

2.1 CVSS | 5.8 AI score | 0.00861 EPSS
Exploits 0 | References 10
securityvulns
added 2001/03/11 12:0 a.m. | 30 views

Hole in PHP 4 imap module

Buffer overflow when working with external libraries...

0.6 AI score
Exploits 0 | References 1 | Affected Software 1
Debian
added 2001/03/07 10:55 p.m. | 13 views

[SECURITY] [DSA 037-1] New versions of Athena Widget replacement libraries available

Debian Security Advisory DSA-037-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001. Package: nextaw, xaw3d,...

5.4 AI score
Exploits 0
Slackware Linux
added 2001/01/10 8:29 p.m. | 14 views

glibc 2.2 local vulnerability on setuid binaries

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any...

6.5 AI score
Exploits 0
NVD
added 2001/01/09 5:0 a.m. | 17 views

CVE-2000-1163

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript...

4.6 CVSS | 6.7 AI score | 0.00405 EPSS
Exploits 0 | References 6
securityvulns
added 2000/04/29 12:0 a.m. | 115 views

Solaris/SPARC 2.7 lpset exploit (well not likely !)

Hi, lpset seems to use strcat to pass the argument for -r flag /usr/lib/print/lib/../../../../tmp/foo and appends .so to the end. in this case /tmp/foo.so is going to be dlopen but there is a special case /usr/lib/print/lib directory has to exist. xploit shell script is attached. $ uname -a SunOS...

Exploits 0
exploitpack
added 1999/12/20 12:0 a.m. | 25 views

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow // source: https://www.securityfocus.com/bid/884/info SCO Openserver and SGI IRIX 6.2 confirmed, possibly others are vulnerable to several buffer overflows in various shared libraries related to the X...

0.7 AI score
Exploits 0
Exploit DB
added 1999/12/20 12:0 a.m. | 41 views

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/884/info SCO Openserver and SGI IRIX 6.2 confirmed, possibly others are vulnerable to several buffer overflows in various shared libraries related to the X window system. This means that all programs which link to these libraries could be vulnerable to...

7.4 AI score
Exploits 0
Cvelist
added 1999/09/29 8:0 a.m. | 33 views

CVE-1999-0073

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access...

6.9 AI score | 0.03113 EPSS
Exploits 1 | References 1
CVE
added 1999/09/29 8:0 a.m. | 69 views

CVE-1999-0073

CVE-1999-0073 describes a vulnerability where a remote Telnet client can specify environment variables, including LD_LIBRARY_PATH, allowing an attacker to bypass normal system libraries and gain root access. The connected Red Hat, CVE, EUVD, and CVE list entries corroborate this description. The ...

10 CVSS | 7.7 AI score | 0.03113 EPSS
Exploits 1 | References 4 | Affected Software 1
Packet Storm
added 1999/09/28 12:0 a.m. | 38 views

linux_GNOME_exploit.txt

Greetings, Virtually any program using the GNOME libraries is vulnerable to a buffer overflow attack. The attack comes in the form: /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer The following exploit should work against any GNOME program, though I tried it on the irony...

7.4 AI score
Exploits 0
exploitpack
added 1999/09/26 12:0 a.m. | 30 views

Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow

Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow source: https://www.securityfocus.com/bid/663/info A buffer overflow vulnerability in GNOME's shared libraries handling of the 'espeaker' command line argument may allow local users to attack setuid binaries linked again...

0.2 AI score
Exploits 0
Exploit DB
added 1999/09/26 12:0 a.m. | 32 views

Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow

source: https://www.securityfocus.com/bid/663/info A buffer overflow vulnerability in GNOME's shared libraries handling of the 'espeaker' command line argument may allow local users to attack setuid binaries linked against these libraries to obtain root access. Calling a program linked against GNO...

7 AI score
Exploits 0
NVD
added 1999/09/23 4:0 a.m. | 11 views

CVE-1999-1477

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack...

7.2 CVSS | 6.8 AI score | 0.01082 EPSS
Exploits 1 | References 3
Exploit DB
added 1997/05/27 12:0 a.m. | 31 views

SGI IRIX 6.3 - xrm Buffer Overflow

// source: https://www.securityfocus.com/bid/334/info A vulnerability exists in the X libraries as supplied with Silicon Graphics IRIX operating system. By placing a carefully constructed buffer as the argument to the -xrm option, an attacker can execute arbitrary code. / Exploit by David Hedley...

7.4 AI score
Exploits 0
exploitpack
added 1997/05/27 12:0 a.m. | 21 views

SGI IRIX 6.3 - xrm Buffer Overflow

SGI IRIX 6.3 - xrm Buffer Overflow // source: https://www.securityfocus.com/bid/334/info A vulnerability exists in the X libraries as supplied with Silicon Graphics IRIX operating system. By placing a carefully constructed buffer as the argument to the -xrm option, an attacker can execute arbitra...

0.7 AI score
Exploits 0