Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String

source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that...

QNX 6.x - 'ptrace()' Arbitrary Process Modification

source: https://www.securityfocus.com/bid/4919/info The QNX implementation of 'ptrace' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit this issue to escalate privileges...

xandros-autorun.txt

There is a new debian based distro called Xandros making its way on to the market.I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way and I know of at least one OS that uses it as its backend. I got a chance to play on a coup...

QNX RTOS 4.25/6.1 - su Password Hash Disclosure

source: https://www.securityfocus.com/bid/4914/info It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is very probable that this is a...

QNX RTOS 4.25 - monitor Arbitrary File Modification

QNX RTOS 4.25 - monitor Arbitrary File Modification source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor ...

QNX RTOS 4.25 - 'CRTTrap' File Disclosure

source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. crttrap Local attackers may specify an arbitrary system file in place of the configuration file and crttrap...

QNX RTOS 4.25 - monitor Arbitrary File Modification

source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a...

OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program

Overview The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. Other OS kernels may be vulnerable as well. Description The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. As a result, an attacker may be...

Pine Internet Advisory: Setuid application execution may give local root in FreeBSD

-----BEGIN PGP SIGNED MESSAGE----- ----------------------------------------------------------------------------- Pine Internet Security Advisory ----------------------------------------------------------------------------- Advisory ID : PINE-CERT-20020401 Authors : Joost Pol [email protected] Issue...

Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure

/ source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before execing setuid images. Consequently, I/O that are opened by a setuid process may be assigned fi...

Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm

To: [email protected] [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm Advisory number: CSSA-2002-SCO.15 Issue date: 2002 April 11 Cross reference: 1. Problem...

AZL-36937 CVE-2002-0129 affecting package efax 0.9a-34

efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message...

AZL-7197 CVE-2002-0129 affecting package efax 0.9a-34

efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message...

CVE-2002-0129

efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message...

AZL-36938 CVE-2002-0130 affecting package efax 0.9a-34

Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument...

AZL-7198 CVE-2002-0130 affecting package efax 0.9a-34

Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument...

Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

Heres some the results of my latenight audit on Tru64. Its too late for me to mess with Compaqs web site to get the security contact I am tired and don't care or something. If someone has TRU64 gdb binaries I would love them... its too late for me to be playing with the Tru64 ladebug also... get ...

CVE-2002-0130

CVE-2002-0130 is a buffer overflow in efax 0.9 and earlier when installed setuid root, allowing local users to execute arbitrary code via a long -x argument. Affected package reference appears as efax 0.9a-34 in at least one listing. The vulnerability is exploitable locally; the documents do not ...

CVE-2002-0129

The CVE-2002-0129 issue affects efax 0.9 and earlier when installed setuid root. The vulnerability allows local users to read arbitrary files by using the -d option, which prints the file contents in a warning message. The underlying flaw is a local privilege issue that exposes sensitive data (co...