1822 matches found
Security Update: [CSSA-2001-037.0] Linux - libdb buffer overflow problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera International, Inc. Security Advisory Subject: Linux - libdb buffer overflow problem Advisory number: CSSA-2001-037.0 Issue date: 2001, October 30 Cross reference: 1. Problem Description Due to a configuration mistake in the libdb1 package...
CVE-1999-1166
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory...
CVE-1999-1173
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack...
qpopper and pam.d
Hello, Take a look at the two sessions I have with Qpopper on a Redhat Linux 7.x box from an RPM package of version 4.0.1. Existing account: root@bart /etc telnet 10.10.10.1 110 Trying 10.10.10.1... Connected to 10.10.10.1. Escape character is '^'. +OK ready [email protected] user...
Security Update: [CSSA-2001-026.0] Linux - docview local httpd exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera International, Inc. Security Advisory Subject: Linux - docview local httpd exploit Advisory number: CSSA-2001-026.0 Issue date: 2001, July 17 Cross reference: 1. Problem Description Docview is a set of CGI scripts providing documentation over...
CVE-2001-1245
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name...
Problem with spoofing the memory of a suid process in Linux (memory spoofing)
By closing fd 0, then opening it as /proc/PID/mem and seeking to the required address, one can invoke an external suid program and "send" the invoked process data from its own memory on its standard input...
CVE-2000-0315
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks...
GLIBC 2.1.3 - LD_PRELOAD Local Privilege Escalation
GLIBC 2.1.3 - LD_PRELOAD Local Privilege Escalation #!/bin/tcsh example of exploiting the hole in LD_PRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LD_PRELOAD libSegFault.so setenv SEGFAULT_OUTPUT_NAME...
Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution
Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution // source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video...
LPRng (RedHat 7.0) - lpd Format String
LPRng RedHat 7.0 - lpd Format String / Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt th...
LPRng 3.6.22/23/24 Remote Root Exploit
Exploit for linux platform in category remote exploits ====================================== LPRng 3.6.22/23/24 Remote Root Exploit ====================================== / LPRng remote root exploit for x86 Linux 9/27/00 - sk8 tested on compiled LPRng 3.6.22/23/24 / include include char sc=...
Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call
Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call #!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file (ie: /etc/issue), thus when root...
CVE-2000-0566
makewhatis in Linux man package allows local users to overwrite files via a symlink attack...
CVE-2000-0668
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled...
DST2K0042.txt
----- Forwarded message from "Whitehouse, Ollie" ----- Approved-By: [email protected] Delivered-To: [email protected] Delivered-To: [email protected] X-Mailer: Internet Mail Service 5.5.2650.21 Date: Thu, 28 Sep 2000 17:13:46 +0100 Reply-To: "Whitehouse, Ollie" From:...
klogd.exploit.txt
-----BEGIN PGP SIGNED MESSAGE----- Klogd Exploit Using Envcheck Release Date: 20000925 Envcheck http://home.cern.ch/cons/security/ is a Linux/x86 kernel module which strips dangerous environment variables before executing a new program, and which can be used to log these probably threatening...
Mandrake 7.07.1 RedHat Kon2 0.3.9 - usrbinfld Input File Overflow
Mandrake 7.07.1 RedHat Kon2 0.3.9 - usrbinfld Input File Overflow / source: https://www.securityfocus.com/bid/1371/info KON (Kanji On Console) is a package for displaying Kanji text under Linux and comes with two suid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable...
[SECURITY] New version of userv released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman July 27, 2000 - ------------------------------------------------------------------------ Package : userv Problem type : local...
CVE-2000-0607
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings...