CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...

CVE-2009-0360

CVE-2009-0360 affects the PAM Kerberos library (pam-krb5) when linked against MIT Kerberos, where improper initialization for setuid use allows a local attacker to gain privileges by pointing an environment variable to a modified Kerberos config file and launching a PAM-based setuid application. ...

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...

CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...

Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities

Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

pam-krb5 security advisory (3.12 and earlier)

pam-krb5 security vulnerability Vulerability type: Local privilege escalation, local file overwrite Versions affected: All versions prior to 3.13 Versions fixed: 3.13 and later Reported: 2009-01-29 Public announcement: 2009-02-11 CVE IDs: CVE-2009-0360, CVE-2009-0361 A security vulnerability in...

USN-700-2: Perl regression

USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jonathan Smith discovered that the Archive::Tar Perl modul...

kernel: open() call allows setgid bit when user is not in new file's group

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

FreeBSD Ports: p5-File-Path

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

FreeBSD : p5-File-Path -- rmtree allows creation of setuid files (13b0c8c8-bee0-11dd-a708-001fc66e7203)

Jan Lieskovsky reports : perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix. %NASLMINLEVEL 70300 C Tenable...

Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)

Solaris/x86 - setuid0 + /bin/cat /etc/shadow Shellcode 61 bytes. Shellcode exploit for Solarisx86 platform. Tags: Metasploit Framework MSF Name = John Babio Twitter = 3vi1john SunOS opensolaris 10 5.11 i86pc i386 i86pc setuid0 /bin/cat //etc/shadow char code=...

Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode

Solaris/SPARC - Bind TCP 2001/TCP Shell /bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform !!! $Id: sparc-bind.s,v 1.1 2003/03/01 01:10:51 ghandi Exp $ !!! Bind /bin/sh to TCP port 2001. Calls setuid0 so /bin/sh won't !!! drop privileges. After assembly, change the third byte in the !...

Linux/x86 - setuid(0) + execve(/bin/sh, 0, 0) Shellcode (27 bytes)

Linux/x86 - setuid0 + execve/bin/sh, 0, 0 Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform include include / by Magnefikko 24.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 27 bytes setuid0 ^ execve"/bin/sh", 0, 0 shellcode Platform: Linux...

Linux/x86 - setuid(0) + execve("/bin/sh",0,0) Shellcode (28 bytes)

Linux/x86 - setuid0 + execve"/bin/sh",0,0 Shellcode 28 bytes. Shellcode exploit for Linuxx86 platform / linux/x86 setuid0 & execve"/bin/sh",0,0 28 bytes http://www.gonullyourself.org sToRm I made this, because http://www.milw0rm.com/shellcode/7115 felt the need to express his "superior" 28-byte...

Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)

Linux/x86 - setuid0 + Break chroot ../ 10x Loop Shellcode 34 bytes. Shellcode exploit for Linuxx86 platform / The setuid0+chroot shellcode. It is the one of the smallest shellcodes in the !!world!! it will put '../' 10 times Size 34 bytes OS Linux /rootteam/dev0id rootteam.void.ru...

Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes)

Linux/x86 - setuid0 + execve/bin/sh Shellcode 29 bytes. Shellcode exploit for Linuxx86 platform / 29 byte-long setuid0 + execve"/bin/sh",... shellcode by Marcin Ulikowski / include char shellcode = "\x31\xdb" / xor %ebx,%ebx / "\x8d\x43\x17" / lea 0x17%ebx,%eax / "\xcd\x80" / int $0x80 / "\x53" /...