Possible vulnerability in HPUX

Hello, Few days ago i read the mail Hackerslab bugpaper HP-UX bdf -t option buffer overflow vul. And decided to see any other possible vulnerabilityies on my ststem. HP-UX 10.20. After a few minutes maybe a little more : ,trying each setuid exe with different options, i finally got results as for...

linux/x86 break chroot setuid(0) + /bin/sh 132 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 break chroot setuid0 + /bin/sh 132 bytes ==================================================== / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdi...

linux/x86 break chroot setuid0 + /bin/sh 132 bytes

linux/x86 break chroot setuid0 + /bin/sh 132 bytes. Shellcode exploit for linx86 platform / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdir, go through a loop of chdir".."; then a final chroot"."; - execve of /bin/sh used in several wu-ftpd, beroftpd and...

CVE-2000-0615

LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files...

LPRng lpd should not be SETUID root

Well, even in spite of all of my efforts, care, and paranoia, I finally dropped the hammer on my foot. Luckily it appears that I spotted this loophole before somebody on the LPRng mailing list did. Or worse yet, got a call from CERT about this problem :- SUMMARY: Versions of...

X 11.03.3.33.3.43.3.53.3.64.0 - libX11 _XAsyncReply() Stack Corruption

X 11.03.3.33.3.43.3.53.3.64.0 - libX11 XAsyncReply Stack Corruption // source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the XAsyncReply function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed...

X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption

// source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the XAsyncReply function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed integer. By forcing this value to be negative, it becomes possible to...

Серьезная ошибка в ядре Linux

Недокументированный вызов setcap из чернового стандарта POSIX позволяет установить некоторые ограничения на процесс, в т.ч. CAPSETUID, которая позволяет блокировать вызов setuid. При этом эти ограничения могут быть унаследованы дочерними приложениями, что позволяет, установив подобное ограничение...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)

KDE 1.1.2 KApplication configfile - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)

KDE 1.1.2 KApplication configfile - Local Privilege Escalation 2 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (2)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying ...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (1)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying ...

S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...

S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...

xsoldier (FreeBSD 3.3Linux Mandrake 7.0) - Local Buffer Overflow (2)

xsoldier FreeBSD 3.3Linux Mandrake 7.0 - Local Buffer Overflow 2 / source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid...

xsoldier (FreeBSD 3.3Linux Mandrake 7.0) - Local Buffer Overflow (1)

xsoldier FreeBSD 3.3Linux Mandrake 7.0 - Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setui...

xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (2)

/ source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via an X windows console. The binary...

xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via an X windows console. The binar...

Security Advisory: FreeBSD-SA-00:17.libmytinfo

============================================================================= FreeBSD-SA-00:17 Security Advisory FreeBSD, Inc. Topic: Buffer overflow in libmytinfo may yield increased privileges with third-party software. Category: core Module: libmytinfo Announced: 2000-05-09 Affects: FreeBSD 3....