Hewlett-Packard HP-UX Software Distributor (SD-UX) contains vulnerability permitting privilege escalation

Overview HP9000 Series 700/800 running HP-UX releases 10.01, 10.10, 10.20 and 11.00 are affected by a buffer overflow in Hewlett-Packard's HP-UX Software Distributor SD-UX. A local user can exploit this vulnerability to gain elevated privileges. Description Several applications in SD-UX contain...

[SECURITY] [DSA 079-1] New UUCP packages fix local exploit

---------------------------------------------------------------------------- Debian Security Advisory DSA 079-1 [email protected] http://www.debian.org/security/ Martin Schulze September 24, 2001 - ---------------------------------------------------------------------------- Package : uucp...

CVE-1999-1408

CVE-1999-1408 affects AIX 4.1.4 and HP-UX 10.01 and 9.05. The vulnerability arises when a local user opens a socket to a localhost port, calls shutdown to clear the socket, and then reuses the same socket to connect to a different localhost port, which can trigger a denial of service (crash). The...

CVE-1999-1272

CVE-1999-1272 concerns buffer overflows in the CDROM Confidence Test program (cdrom), enabling local users to gain root privileges. The provided sources describe the vulnerability as local, with root-level impact, but no remediation or patch details are included in the documents. Potential exploi...

BSDI 3.0/3.1 - Local Kernel Denial of Service

/ source: https://www.securityfocus.com/bid/3220/info It has been reported that there is a locally exploitable vulnerability in BSDI. It is allegedly possible for a userland process to cause the kernel to halt. This may be due to a bad system call. / / BSDiv3.0/3.1 system failure, by...

Local exploit for TrollFTPD-1.26

Affects: TrollFTPD 1.26 probably earlier Severity: local users can gain root access. Fix: upgrade to TrollFTPD-1.27 Fix URL: ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz Description: An error in the handling of recursive directory listings can result in an exploitable buffer...

nerf.iis.dos.txt

--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Openning and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...

Solaris whodo Vulnerability

Vulnerability in Solaris whodo Date Published: July 5, 2001 Advisory ID: N/A Bugtraq ID: 2935 CVE CAN: Non currently assigned. Title: Solaris whodo Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerability Description: The whodo...

NERF Advisory #4: MS IIS local and remote DoS

--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Openning and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...

RH 7.0 Crontab exploit - apparently fixed

/ Crontab tmp file race condition http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=37771 Apparently this is fixed. Wonder why it still works. Local exploit Quick and dirty exploit for crontab insecure tmp files Redhat 7.0 - kept up2date with up2date Checked Tue Jun 26 00:15:32 NZST 2001...

KDE KTVision 0.1 - File Overwrite

KDE KTVision 0.1 - File Overwrite source: https://www.securityfocus.com/bid/2913/info KTVision works with frame-grabber cards and KDE Unix K Desktop Environment to support TV video display on the PC screen. KTVision is vulnerable to symbolic link attacks. It is possible for an attacker to...

Solaris /opt/SUNWssp/bin/cb_reset Vulnerability

Vulnerability in Solaris /opt/SUNWssp/bin/cbreset Date Published: June 12, 2001 Advisory ID: N/A Bugtraq ID: N/A CVE CAN: Non currently assigned. Title: Solaris /opt/SUNWssp/bin/cbreset Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes...

Rxvt 2.6.1/2.6.2 - Local Buffer Overflow

source: https://www.securityfocus.com/bid/2878/info Rxvt is a color VT102 terminal emulator for X intended as an xterm1 replacement. A buffer overflow vulnerability exists in rxvt. The error occurs when certain command line options with long arguments are passed to rxvt. Because rxvt is installed...

Juergen Schoenwaelder scotty 2.1.x - ntping Buffer Overflow

// source: https://www.securityfocus.com/bid/2911/info ntping is a component of scotty, a Tcl interpreter used to retrieve status and configuration information for TCP/IP networks. The utility, which runs with root privileges, contains a locally exploitable buffer overflow vulnerability. A local...

lil' exim format bug

Hi BugTrackers Just a little bug to tell: THE BUG ------- accept.c, line 2506: else if smtpreply != NULL moansmtpbatchNULL, smtpreply; while moansmtpbatch is like this: moansmtpbatchchar cmdbuffer, char format, ... So when smtpreply contains format strings, it get transformed by moansmtpbatch. Wh...

Exim 3.x - Format String

Exim 3.x - Format String source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax checking...

[synnergy] - Solaris mailtool(1) buffer overflow vulnerability

Vulnerability in Solaris mailtool1 Date Published: May 29, 2001 Advisory ID: N/A Bugtraq ID: N/A Sun Bug ID: 4458476 CVE CAN: Non currently assigned. Title: Solaris mailtool1 Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerable...

CVE-2001-0426

CVE-2001-0426 describes a buffer overflow in the dtsession component affecting Solaris (and possibly other OSes) that lets local users gain privileges when a long LANG environment variable is processed. The vulnerability is triggered by excessively long LANG values, leading to privilege escalatio...

[SECURITY] [DSA-056-1] man-db local exploit

Package : man-db Problem type : local file overwrite Debian-specific: no Ethan Benson found a bug in man-db packages as distributed in Debian/GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or - -c option were give...

IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit

Exploit for irix platform in category local exploits ======================================================================= IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 /usr/lib/print/netprint Local Exploit ======================================================================= !/bin/sh copyright LAST STAGE ...