3881 matches found
lynxtmp.txt
Date: Tue, 9 Feb 1999 20:57:30 -0500 From: Juan Diego Bolanos To: [email protected] Subject: Lynx /tmp problem Hi Aleph, please filter this if already posted.... ------ Hello.... I have found a bug in Lynx all versions, except the latest stable release... lynx create temporary files in /tmp in...
aix.enetwork.firewall.txt
Date: Tue, 25 May 1999 20:33:53 +0100 From: Paul Cammidge To: [email protected] Subject: IBM eNetwork Firewall for AIX The IBM eNetwork Firewall for AIX contains some poorly written scripts, which create temporary files in /tmp without making any attempt to validate the existance of the file...
cfengine.symlink.txt
Date: Tue, 16 Feb 1999 01:12:20 +0100 From: Wichert Akkerman To: [email protected] Subject: SECURITY New versions of cfengine fixes symlink attack -----BEGIN PGP SIGNED MESSAGE----- The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files wh...
midnight.commander.4.x.tmp.race.txt
ate: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Midnight Commander 4.x bugs x2 Still not fixed. Temporary files mc are created in insecure way, allowing typical races. Also, entering directories containing $... somewhere might result in execution of embeeded code. Described days ago,...
netscape4.5-nsform.tmp.txt
02-FEB-99 - http://www.skylab.org/netscape/index.html Yet another browser bug was found late last week. This time in Netscape's Communicator 4.5. The problem appears with the way Netscape handles forms. In many cases, the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a NSFORM.TM...
xfs.txt
Bug in xfs Lukasz Trabinski [email protected] Tue, 30 Mar 1999 00:14:34 +0200 Hello, I hope that's information will be useful for making new patch for XFree86. I found bug in xfs Packet XFree86-xfs-3.3.3.1-1 in RedHat 5.1 and probably in RedHat 5.2 updates, too Xfs is a font server for...
CVE-1999-0970
The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created...
Omnicron OmniHTTPd 1.12.0 Alpha 1 - visiadmin.exe Denial of Service
Omnicron OmniHTTPd 1.12.0 Alpha 1 - visiadmin.exe Denial of Service source: https://www.securityfocus.com/bid/1808/info OmniHTTPD is a web-server offered by Omnicron for the MS Windows platform. One of the CGI utilities it ships with and installs by default contains a bug that could, if exploited...
G. Wilford man 2.3.10 - Symlink
source: https://www.securityfocus.com/bid/305/info The man command created a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This may allow malicious local users to create arbitrarily named files. zsoelim1 is a utility part of the man package which...
IBM AIX 4.2.1 - snap Insecure Temporary File Creation
IBM AIX 4.2.1 - snap Insecure Temporary File Creation source: https://www.securityfocus.com/bid/375/info The snap command is a diagnostic utlitiy for gathering system information on AIX platforms. It can only be executed by root, but it copies various system files into /tmp/ibmsupt/ under...
[SECURITY] New versions of cfengine fixes symlink attack
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...
CVE-1999-0458
L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information...
CVE-1999-0342
Linux PAM modules allow local users to gain root access using temporary files...
PT-1998-1081 · Linux · Linux Pam
Name of the Vulnerable Software and Affected Versions: Linux PAM affected versions not specified Description: The issue allows local users to gain root access using temporary files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-1999-1038
Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable...
CVE-1999-1036
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in 1 resdiff, 2 ca.src, and 3 mail.chk...
[SECURITY] New version of premail fixes /tmp file problem
We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1 alias bo Source...
CVE-1999-1095
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort...
Solaris 2.5.1 lp and lpsched Symlink Vulnerabilities
Exploit for solaris platform in category local exploits ==================================================== Solaris 2.5.1 lp and lpsched Symlink Vulnerabilities ==================================================== !/bin/sh lpNet & temp file exploit: break lp, then use lp priv to break root or bi...
Solaris 7.0 - aspppd Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/292/info Aspppd is a tool shipped with Solaris for dial up PPP access. This tool creates files in the /tmp directory insecurely in particular /tmp/.asppp.fifo allowing other users to link to these files an possibly elevate their privelages. This program i...