499 matches found
Solaris 2.62.67.08 whodo - Local Buffer Overflow
Solaris 2.62.67.08 whodo - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2935/info The 'whodo' utility shipped with Sun Microsystems' Solaris provides a listing of users online and their activities. It is installed setuid root because it reads from the 'utmp' log as well as...
CVE-2000-0308
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges...
Solaris Xsun buffer overflow vulnerability
Solaris Xsun buffer overflow vulnerability Discovered and exploited by: Riley Hassell [email protected] Release Date: April 10, 2001 Systems Affected: Solaris 7/8 x86 and sparc Description: Yet some more Solaris spring cleaning... A buffer overflow was discovered in Xsun. Since Xsun is SUID root,...
CVE-2001-0176
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges...
Дырка в snmpd в Solaris
Переполнение буфера при разборе аргументов дает возможность получения привилегий root...
CVE-2000-0997
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges...
Удаленная дыра в BSD ftpd
Однобайтное переполнение стека позволяет получить привелегии root...
Solaris 2.52.5.12.67.0 - sadmind Remote Buffer Overflow (3)
Solaris 2.52.5.12.67.0 - sadmind Remote Buffer Overflow 3 // source: https://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite...
CVE-2000-0466
AIX cdmount allows local users to gain root privileges via shell metacharacters...
XFree86 server overflow
XFree86 3.3.6 and probably 4.0.0 as well ; - by running X server no matter it's setuid, or called from setuid Xwrapper - works in both cases, seems to me Xwrapper in default RH 6.x distro is rather dumb ; with -xkbmap parameter and over 2100 of 'A's or shellcode, again, it's rather trivial to...
Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr (2)
// source: https://www.securityfocus.com/bid/1038/info A potential vulnerability exists in the 'mtr' program, by Matt Kimball and Roger Wolff. Versions prior to 0.42 incorrectly dropped privileges on all Unix variants except HPUX. By calling a seteuidgetuid call, the authors hoped to drop...
CVE-2000-0163
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file...
CVE-1999-0948
CVE-1999-0948 describes a buffer overflow in the uum program for the Canna input system that allows local users to gain root privileges. This is corroborated by multiple sources (NVD, CVE List, Red Hat). The connected documents do not specify affected versions, exact root cause details beyond “bu...
rxvt.sh
There is a major security hole in rxvt, a terminal emulator for X, when it is run on systems suid root, as is required on many configurations in order to write to the utmp file. It is obvious from the code that this program was not written to be run suid root, its a pity that sysadmins that insta...
CVE-1999-0420
umapfs allows local users to gain root privileges by changing their uid through a malicious mountumap program...
BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (1)
/ source: https://www.securityfocus.com/bid/1927/info BNC's IRC Proxy is used as a gateway to an IRC server. A buffer stores a username which arguments the program's USER command. User-supplied input to this buffer is improperly checked for length. As a result, the excessive data copied onto the...
BNC 2.2.42.4.62.4.8 - IRC Proxy Buffer Overflow (2)
BNC 2.2.42.4.62.4.8 - IRC Proxy Buffer Overflow 2 / source: https://www.securityfocus.com/bid/1927/info BNC's IRC Proxy is used as a gateway to an IRC server. A buffer stores a username which arguments the program's USER command. User-supplied input to this buffer is improperly checked for length...
SGI IRIX 6.2 - fsdump Local Privilege Escalation
SGI IRIX 6.2 - fsdump Local Privilege Escalation source: https://www.securityfocus.com/bid/355/info A number of vulnerabilities exist in the fsdump program included with Silicon Graphics Inc's IRIX operating system. Each of these holes can be used to obtain root privlilege. Variant 1: irix%...
SGI IRIX 6.2 - 'fsdump' Local Privilege Escalation
source: https://www.securityfocus.com/bid/355/info A number of vulnerabilities exist in the fsdump program included with Silicon Graphics Inc's IRIX operating system. Each of these holes can be used to obtain root privlilege. Variant 1: irix% /var/rfindd/fsdump -L/etc/passwd -F/tmp/dump / count t...