CVE-2006-3378

CVE-2006-3378 affects the shadow passwd handling in Ubuntu 5.04–6.06 LTS, where passwd invoked with -f, -g, or -s does not check the return code of a setuid() call. This can allow local users to gain root privileges if setuid fails (e.g., due to PAM limits or resource caps). Exploitation details ...

USN-308-1: shadow vulnerability

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...

DEBIAN-CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

Authentication flaw

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

CVE-2006-2194

CVE-2006-2194 affects the winbind plugin in pppd (PPP, v2.4.4 and earlier). The code does not verify the success of setuid() when dropping privileges, which can fail under PAM limits and allow a local attacker to run the winbind NTLM authentication helper with elevated privileges. Impact is local...

CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String

!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jumps into 0x1811111 via dyldstubclose...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

Exploit for macOS platform in category local exploits ============================================================== Mac OS X = 10.4.6 launchd Local Format String Exploit x86 ============================================================== !/usr/bin/perl...

Apple Mac OSX 10.4.x - OpenLDAP Denial of Service

source: https://www.securityfocus.com/bid/18728/info Mac OS X Open Directory Server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to cause a crash in the LDAP server, effectively denying service to legitimate...

Mandrake Linux Security Advisory : arts (MDKSA-2006:107)

A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their...

iPlanet.txt

Summary ---------------- Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a...

CVE-2006-2916

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges...

PT-2006-1056 · Kde · Arts

Name of the Vulnerable Software and Affected Versions: aRts versions prior to 3.5.2-r1 Description: The issue allows local users to gain root privileges by causing the setuid function to fail, preventing artsd from dropping privileges. This can be exploited by authenticated local users, potential...

SUSE-SA:2006:027: cron

The remote host is missing the patch for the advisory SUSE-SA:2006:027 cron. Vixie Cron is the default CRON daemon in all SUSE Linux based distributions. The code in docommand.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if...

Super Junior Linux Backdoor method of making-a vulnerability warning-the black bar safety net

A file has an owner, indicating that the file who is create. At the same time, the file there is a group number, indicating that the file belongs to the group, typically the owner of the file belongs to the group. If it is an executable file, then in the implementation, generally the file only ha...

CVE-2006-2607

docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...