3209 matches found
DEBIAN-CVE-2005-4667
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...
GLSA-200512-17 : scponly: Multiple privilege escalation issues
The remote host is affected by the vulnerability described in GLSA-200512-17 scponly: Multiple privilege escalation issues Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...
scponly -- local privilege escalation exploits
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed regular non-scponly users have interactive shell access to the box a user executable...
security flaw
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...
CVE-2005-4082
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks...
GLSA-200511-17 : FUSE: mtab corruption through fusermount
The remote host is affected by the vulnerability described in GLSA-200511-17 FUSE: mtab corruption through fusermount Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points. Impact : A local attacker could corrupt the contents of the /etc/mta...
CVE-2004-2611
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 aka 0.9.6-r5, possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the 1 setuid, 2 setgid, and 3 sticky bits when changing a file, which might allow attackers to gain privileges or conduct other...
CVE-2005-3531
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters...
[SECURITY] [DSA 895-1] New uim packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 895-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 895-1] New uim packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 895-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...
[Full-disclosure] DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow'
DMA2005-1112a - 'Veritas Storage Foundation VCSI18NLANG buffer overflow' Author: Kevin Finisterre Vendor: http://www.Veritas.com Product: 'Veritas Cluster Server for UNIX' References: http://www.digitalmunition.com/DMA2005-1112a.txt http://www.symantec.com/avcenter/security/Content/2005.11.08a.ht...
Operator Shell (osh) 1.7-14 Local Root Exploit
Exploit for linux platform in category local exploits ============================================== Operator Shell osh 1.7-14 Local Root Exploit ============================================== !/bin/sh OSH 1.7-14 Exploit EDUCATIONAL purposes only.... :- by Charles Stevenson core Description: The...
Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit
Exploit for linux platform in category local exploits ================================================================ Sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls...
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...
CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...
CVE-2005-2748
The CVE-2005-2748 issue affects Apple Mac OS X 10.3.9 and 10.4.2, where the malloc function in libSystem can be manipulated via the MallocLogFile environment variable before running a setuid application. This allows local users to overwrite arbitrary files. Root cause: environment-controlled log ...
CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...
CVE-2005-3279
Stack-based buffer overflow in the vgascoprintf function in Jan Kybic BitMap Viewer BMV 1.2, when compiled with the MUNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option...