Firebird 1.5 - Inet_Server Local Buffer Overflow

source: https://www.securityfocus.com/bid/17077/info Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer...

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...

squid security update

CentOS Errata and Security Advisory CESA-2006:0052 An updated squid package that fixes a security vulnerability as well as several issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy cachin...

iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification

Apple Mac OS X passwd Arbitrary Binary File Creation/Modification iDefense Security Advisory 03.02.06 http://www.idefense.com/application/poi/display?type=vulnerabilities March 02, 2006 I. BACKGROUND Mac OS X is an operating system for the Apple family of microcomputers. More information is...

[Full-disclosure] SCOSA-2006.9 UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege Escalation Vulnerability Advisory number: SCOSA-2006.9 Issue date: 2006 February 21 Cross reference: fz533176 CVE-2005-2934 1. Problem Description A local use...

QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit

Exploit for QNX platform in category local exploits ============================================================= QNX Neutrino 6.2.1 phfont Race Condition Local Root Exploit ============================================================= !/bin/sh email protected 18/10/2003 $ cksum...

kernel security update

CentOS Errata and Security Advisory CESA-2006:0191-01 Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 32 bit architectures This security advisory has been rated as having important security impact by the Red Hat...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 64 bit architectures. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the...

GLSA-200601-14 : LibAST: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200601-14 LibAST: Privilege escalation Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact : The vulnerability can be exploited to gain escalated privileges if the application...

LibAST: Privilege escalation

Background LibAST is a utility library that was originally intended to accompany Eterm, but may be used by various other applications. Description Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact The vulnerability can be exploited to gain...

CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...

Ubuntu 4.10 : perl vulnerabilities (USN-72-1)

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package 'perl-suid' provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to...

Mandrake Linux Security Advisory : fuse (MDKSA-2005:216)

Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set...

Mandrake Linux Security Advisory : uim (MDKSA-2005:198)

Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-30-1)

CAN-2004-0883, CAN-2004-0949 : During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers...

Ubuntu 4.10 : evolution vulnerability (USN-69-1)

Max Vozeler discovered an integer overflow in camel-lock-helper. An user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server coul...

Ubuntu 4.10 : linux-source-2.6.8.1 vulnerability (USN-39-1)

USN-30-1 fixed several flaws in the Linux ELF binary loader's handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if...

Ubuntu 4.10 : perl vulnerability (USN-94-1)

Paul Szabo discovered another vulnerability in the rmtree function in File::Path.pm. While a process running as root or another user was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had...

Design/Logic Flaw

The dupfdopen function in sys/kern/kerndescrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/...

CVE-2005-4741

NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid PSUGID process that performs an exec without a reset of real credentials...