4824 matches found
CVE-2001-0576
The CVE-2001-0576 entry describes a local privilege escalation in SCO OpenServer 5.0–5.0.6 via a buffer overflow in the lpusers helper when processing the -u parameter. The vulnerability allows a local attacker to gain additional privileges. The primary sources here confirm the affected product (...
CVE-2001-0570
CVE-2001-0570 affects minicom 1.83.1 and earlier. The root cause is format-string handling allowing a local attacker to gain additional privileges (local, low complexity, no authentication). The impact is privilege escalation with complete confidentiality, integrity, and availability concerns as ...
2.4.x/Slackware Init script vulnerability
I posted this to the linux kernel mailing last Friday, July 13th 2001: Submitted by : Josh [email protected], lockdown [email protected] on July 16th, 2001 Vulnerability : /lib/modules/2.4.5/modules.dep Tested On : Slackware 8.0. 2.4.5 Local : Yes Remote : No Temporary Fix : umask 022 at...
Solaris 8 libsldap - Local Buffer Overflow (2)
Solaris 8 libsldap - Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...
Solaris 8 libsldap - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...
Solaris 8 libsldap - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...
CVE-2001-0259
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...
CVE-2001-0458
CVE-2001-0458: Multiple buffer overflows in ePerl prior to 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. Mandrake and Debian advisories note upgrades to 2.2.14-0.7 (or later) fix the issue; other references corroborate the vulnerability in ePerl.
CVE-2001-0458
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands...
CVE-2001-0369
The CVE-2001-0369 entry describes a buffer overflow in the DGUX lpsched service on versions R4.20MU06 and MU02. The vulnerability allows a local attacker to gain root privileges by supplying a long command line argument (a non-existent printer name). The available documents confirm the affected ...
CVE-2001-0259
The connected sources confirm a vulnerability in SSH Communications Security SSH versions 1.2.27–1.2.30 when Secure-RPC is enabled. A local attacker can cause the system to recover the SUN-DES-1 magic phrase generated for another user, which can then decrypt that user’s private key file. This wea...
CVE-2001-0142
CVE-2001-0142 affects squid 2.3 and earlier. The issue is a local symlink/race condition that can cause local users to overwrite arbitrary files via temporary file handling in certain configurations. Impact is described as local privilege/content modification without remote access; CVSS reflects ...
CVE-2001-0141
CVE-2001-0141 affects mgetty: multiple sources confirm insecure temporary-file handling that allows local users to overwrite arbitrary files via a symlink attack in certain configurations. Versions before 1.1.24 are vulnerable (Mandrake/MDKSA-2001:009; Debian DSA-011-2 notes patch in 1.1.21-3po...
CVE-2001-0261
CVE-2001-0261 affects Microsoft Windows 2000 Encrypted File System. The issue is that backups of encrypted files are not properly destroyed, allowing a local attacker to recover the plaintext. The NVD entry assigns a low impact with partial confidentiality loss (CVSS v2 base score 2.1, LOCAL acce...
Serious Pitbull LX Vulnerability
Background: Back in February, eWeek and Argus Systems held OpenHack III. "Pitbull vs The Worlds Toughest". With much hype the contest came and went. The result? "17 days, 40,000 Challengers, 5.4 Million Punches and 1 E-Security Champion". As 'the first product to withstand an OpenHack unscathed'...
Local DoS against Windows NT (mutex)
A user can seize all mutex objects, after which other applications will be unable to use the network...
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow
include include / /usr/bin/write overflow proof of concept. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl %esp,%eax"; char shell =...
CVE-2000-0996
CVE-2000-0996: A format-string vulnerability in the OpenBSD su utility (and possibly other BSD-based OSes) allows a local attacker to gain root privileges via a malformed shell. The issue is described in the NVD entry with a CVSS v2 base score of 7.2 (HIGH) and LOCAL, LOW–complexity conditions, e...
CVE-2000-1031
Technical details of CVE-2000-1031 are not publicly provided in the supplied documents; monitor for updates.
CVE-2000-1103
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line...