4067 matches found
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/5044/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. A buffer overflow has been discovered in the gdsdrop program packaged with Interbase. This problem could allow a local user t...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may ...
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)
source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a local...
Sun Solaris 2.6/7.0/8 - XSun Color Database File Heap Overflow
// source: https://www.securityfocus.com/bid/4408/info Solaris is the freely available Unix operating system distributed by Sun Microsystems. It may be possible for a local user to gain elevated privileges. When Xsun is executed, and an...
Sun Solaris 2.6/7.0/8 - XSun Color Database File Heap Overflow
// source: https://www.securityfocus.com/bid/4408/info Solaris is the freely available Unix operating system distributed by Sun Microsystems. It may be possible for a local user to gain elevated privileges. When Xsun is executed, and an excessively long argument is supplied to the -co flag, a hea...
Local Security Vulnerability in Windows NT and Windows 2000
Radim "EliCZ" Picha [email protected] discovered a vulnerability in Windows NT 4.0 and Windows 2000. He has written an exploit called DebPloit that shows the weakness of local Windows NT/2000 security and totally compromises entire...
CVE-2001-1133
Technical details about CVE-2001-1133 are not publicly provided in the supplied documents. No concrete affected products, versions, root cause, impact, or remediation are present. Monitor for updates in future disclosures.
CVE-1999-1034
This CVE (CVE-1999-1034) is a local privilege escalation in the login component of AT&T System V Release 4. The NVD entry lists a base score of 7.2 (HIGH) with Local attack vector, low attack complexity, no authentication required, and complete impact on confidentiality, integrity, and availabili...
[SECURITY] [DSA 119-1] ssh channel bug
Package: openssh Vulnerability: local root exploit, remote client exploit Debian-specific: no Joost Pol [email protected] reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root...
Tarantella Enterprise 3 - Symbolic Link
source: https://www.securityfocus.com/bid/4115/info Tarantella Enterprise 3 contains a locally exploitable symbolic link vulnerability during its installation procedure. This vulnerability can be exploited to elevate privileges. An attacker anticipating the install of Tarantella could create a...
Ximian Mozilla: The 2618 Bug
NOTE TO THE MODERATOR: This was sent yesterday but I guess didn't make it since this doesn't seem to affect Red Hat itself, it affects the mozilla packages distributed by Ximian: The test system looks like: bash rpm -qa | grep mozilla mozilla-0.9.8-1.ximian.2 mozilla-mail-0.9.8-1.ximian.2...
[SECURITY] [DSA 112-1] New hanterm packages fix buffer overflow
Debian Security Advisory DSA 112-1 [email protected] http://www.debian.org/security/ Martin Schulze February 16th, 2002 Package : hanterm...
Hanterm 3.3 - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/4050/info Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems. A buffer overflow error exists in hanterm. If it is called locally with a maliciously constructed parameter, it is possible to overflow a...
Hanterm 3.3 - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/4050/info Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems. A buffer overflow error exists in hanterm. If it is called locally with a maliciously constructed parameter, it is possible to overflow a...
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter...
Unixware 7.1.1 scoadminreg.cgi local exploit
unixware: uname -a UnixWare unixware 5 7.1.1 i386 x86at SCO UNIXSVR5 unixware: id uid=101(mearee) gid=1(other) unixware: ./scoadminreg.sh jGgM root exploit http://www.netemperor.com/ Mail: [email protected] Manager: -c /tmp/jggm;/tmp/jggm; ERROR: Cannot find a Webtop object associated with -c /tmp/jggm...
Xitami Webserver stores admin password in clear text.
I am releasing this a bit early as the vendor has been aware of this issue for a while now. Vapid Labs Larry W. Cashdollar Xitami Webserver clear text password storage vulnerability. Date Published: 11/23/2001 Advisory ID: 11232001-02 Title: Xitami...
OSX remote root
I have seen mention of nidump being used local to an OSX box to take root... I have found that with the use of "tags" it is also a remote root. I have not notified Apple due to the fact that they did nothing about the original local exploit. Any machine with a "network" nidomain is vulnerable. It...
CVE-2001-0759
A buffer overflow in bctool of Jetico BestCrypt versions up to 0.8.1 allows local users to execute arbitrary code via a file or directory with an excessively long pathname processed during an unmount. Affected software: Jetico BestCrypt (bctool)
FreeBSD-SA-01:62.uucp
FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit Category: core Module: uucp Announced: 2001-10-08 Credits: [email protected] Affects: All release...