1289 matches found
SUS 2.0.2 local root vulnerability
LSS Security Advisories http://security.lss.hr --- Title : SUS 2.0.2 local root vulnerability Advisory ID : LSS2004-09-01 Date : September 14th, 2004 Advisory URL: : http://security.lss.hr/index.php?page=details&ID=LSS-2004-09-01 Impact : Any user can obtain root privileges Risk level : High...
cdrtools: Local root vulnerability in cdrecord if set SUID root
Background The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility. Description Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default,...
[Full-Disclosure] MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: cdrecord Advisory ID: MDKSA-2004:091 Date: September 7th, 2004 Affected versions: 10.0, 9.2 Problem Description: Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0...
Debian proftpd root Privilege Escalation
Binary data 1817.prm...
Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)
Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this...
Mandrake Linux Security Advisory : mm (MDKSA-2002:045)
Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user typically apache or nobody is already obtained. %NASLMINLEVEL...
Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)
The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail or equivalent mailer program with root privileges and an environment that is...
Mandrake Linux Security Advisory : samba (MDKSA-2003:032)
The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a...
Mandrake Linux Security Advisory : kernel (MDKSA-2004:001)
A flaw in bounds checking in mremap in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC real time clock routines was fixed as well. All Mandrake Linux...
Mandrake Linux Security Advisory : tcltk (MDKSA-2002:060)
Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run...
Mandrake Linux Security Advisory : cups (MDKSA-2003:001)
iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be...
Fedora Core 1 : kernel-2.4.22-1.2138.nptl (2003-046)
Paul Starzetz discovered a flaw in bounds checking in mremap in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges. No exploit is currently available; however, it is believed that this issue is exploitable although not trivially. The Common...
RHEL 2.1 : sendmail (RHSA-2003:074)
Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. Updated March 18 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail...
CVE-2004-0077
The domremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the domunmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different...
DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
Bulletin has no description...
Important: Red Hat Security Advisory: : Updated XFree86 packages provide security and bug fixes
Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transf...
NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security AdvisorySA2003-07 Topic: HP-UX Software Distributor Buffer Overflow Vulnerability Release Date: 2003-11-13 CVE CAN ID: CAN-2003-0089 http://www.nsfocus.com/english/homepage/research/0307.htm Affected system: =================== - -...
OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
To: [email protected] [email protected] [email protected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco Advisory number: CSSA-2003-SCO.26...
[SECURITY] [DSA-385-1] New hztty packages fix buffer overflows
-------------------------------------------------------------------------- Debian Security Advisory DSA 385-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 18th, 2003 http://www.debian.org/security/faq -...
Critical: Red Hat Security Advisory: : : : Updated sendmail packages fix vulnerabilities
Updated Sendmail packages are available for Red Hat Linux on IBM iSeries and pSeries systems to fix a vulnerability that allows local and possibly remote attackers to gain root privileges as well as a vulnerability that may allow remote attackers to gain root privileges by sending a carefully...