glibc 2.2 local vulnerability on setuid binaries

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...

Seyon buffer overflow exploit.

Dear, Vuln-Dev I am posting this here since I do not know if the attached buffer overflow exploit will work on any distribution where seyon comes as setgid/setuid by default. Seyon which is a telecommunications package for the X Window System, is not intended to run as setuid/setgid, however, I...

itetris[v1.6.2] local root exploit (system()+../ protection)

i was auditing some svgalibsuid root programs and noticed itetris had a possibly exploitable system; call... which has since obviously proven exploitable or i wouldn't be posting this message. : ORIGINAL exploit url belowun-wrapped: http://realhalo.org/xitetris.c xitetris.c: / itetrisv1.6.2 local...

CVE-2000-0959

glibc2 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack...

Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution

Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution // source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video...

More Sonata Conferencing software vulnerabilities.

Vulnerability Report 2 For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 12182000-02 CVE CAN: None currently assigned. Title: Sonata doroot command vulnerability. Class: Design Error Remotely Exploitable: no Locally...

Fixed local AIX V43 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Just for the record, here are some local AIX vulnerabilities we have found, and which have been fixed by IBM this year. If you have been applying fixes, there should be no problem with these anymore. But it might be interesting to know what some of those massive...

dump 0.4b15 Local Root Exploit

Exploit for linux platform in category local exploits ============================== dump 0.4b15 Local Root Exploit ============================== !/bin/sh Redhat 6.2 dump command executes external program with suid priviledge. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember,...

xsplumber - strcpy() Local Buffer Overflow

xsplumber - strcpy Local Buffer Overflow / linuxsplumberversion2 buffer overflow, by [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which, as you know needs to be installed setuid root. this overflow is due to a simple oversight in the command line parser. us...

xsplumber - strcpy() buffer overflow

Exploit for linux platform in category local exploits ==================================== xsplumber - strcpy buffer overflow ==================================== / linuxsplumberversion2 buffer overflow, by v9email protected. this is a misc. exploit for the linux-SVGAlib space plumber game. which...

xsplumber - 'strcpy()' Local Buffer Overflow

/ linuxsplumberversion2 buffer overflow, by [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which, as you know needs to be installed setuid root. this overflow is due to a simple oversight in the command line parser. uses strcpy to copy to an unchecked 250 byt...

CVE-2000-0879

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...

HP-UX 9.x/10.x/11.x - cu Buffer Overflow

source: https://www.securityfocus.com/bid/1886/info cu is a unix utility that is used for communication between two hosts usually over phone lines. It is typically isntalled setuid root so that it can access communications hardware when executed by a regular user. The version of cu that ships wit...

David Bagley xlock 4.16 - User Supplied Format String (2)

David Bagley xlock 4.16 - User Supplied Format String 2 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...

CVE-2000-0880

The CVE-2000-0880 entry concerns LPPlus creating the lpdprocess file with world-writable permissions, which allows local users to kill arbitrary processes by specifying a process ID and using the setuid dcclpdshut program to terminate the specified process. Impact is local access and partial inte...

CVE-2000-0879

CVE-2000-0879: LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world‑executable, which allows arbitrary local users to start and stop various LPD services. The provided documents do not include exploitation details or remediation in...

CVE-2000-0879

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...

ntop 1.x - i Local Format String

ntop 1.x - i Local Format String source: https://www.securityfocus.com/bid/1840/info ntop network top is a unix program used for displaying network usage statistics. It is often installed setuid root because it uses privileged ports. ntop is vulnerable to a format string vulnerability that can...

CVE-2000-0506

The CVE refers to the Linux kernel capabilities feature prior to 2.2.16. Local users can cause a denial of service or gain privileges by manipulating capabilities to prevent a setuid program from dropping privileges. The provided documents do not include exploit details or a specified fix/patch i...

MDKSA-2000:057 - openssh update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linux-Mandrake Security Update Advisory Package name: openssh Date: October 10th, 2000 Advisory ID: MDKSA-2000:057 Affected versions: 7.0, 7.1 Problem Description: A problem exists with openssh's scp program. If a user uses scp to move files from a...