Potential security problem with mtr
Hi. One of my users asked me to install mtr, most adequately described as a GUI:ed combination of traceroute and ping. I thought it looked cool, and had a closer look. In this mail follows a warning about a potential security problem with this program if installed as suggested. No exploit has bee...
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp...
Sam Hawker wmcdplay 1.0 beta1-2 - Local Buffer Overflow (2)
source: https://www.securityfocus.com/bid/1047/info wmcdplay is cdplayer generally used with the WindowMaker X11 window-manager on unix systems. While wmcdplay is rarely installed at all by default, when it is installed it is typically set setuid root. wmcdplay is vulnerable to a buffer overflow...
WorldView 6.5Wnn4 4.2 - Asian Language Server Remote Buffer Overflow
source: https://www.securityfocus.com/bid/1603/info A remote buffer overflow exists in the Asian language servers portion of a number of different implementations of Wnn. It has been reported that only systems that have...
CVE-1999-0515
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv...
Matt Wright - FormHandler.cgi 2.0 Reply Attachment
source: https://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to (the cgi is typically run as user 'nobody' on Unix systems) can be specified as an attachment in a reply email. This could allow an attacker to...
Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment
source: https://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to (the cgi is typically run as user 'nobody' on Unix systems) can be specified as an attachment in a reply email. This could allow an attacker to gain access to sensitive files such as /etc/passwd...
SCO_root_exploit.txt
Greetings, A vulnerability exists in the /usr/lib/merge/dos7utils program suid root by default which allows any user to execute any command as root. The dos7utils program gets its localeset.sh exec path from the environment variable STATICMERGE. By setting this to a directory writable by us and...
CVE-1999-0377
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services...
solaris_bof.txt
Subject: Solaris 2.7 /usr/bin/mail To: [email protected] Greetings, There is a possible buffer overflow vulnerability in Solaris 2.7's sgid mail /usr/bin/mail. The reason it's only a possibility and not a full-blown exploit is that mail drops sgid privs before the overflow occurs. However ...
INN buffer overflow
...
libtermcap buffer overflow
...
oracle.8.0.5.intelligent.agent.txt
Date: Fri, 30 Apr 1999 14:11:39 +0100 From: Anthony Clarke To: [email protected] Subject: Huge security hole in Oracle 8.0.5 with Intelligent agent installed oracle-digested ------------- Begin Forwarded Message ------------- Subject: Huge security hole in Oracle 8.0.5 with Intelligent agent...
process.table.attacks.txt
Date: Fri, 19 Feb 1999 16:08:06 -0500 From: "Simson L. Garfinkel" Subject: Process-table attack Wide-ranging attack works against almost any UNIX systems on the Internet ABSTRACT: The Process Table Attack is a relatively new kind of denial-of-service attack that can be waged against numerous...
tcpwrapper-backdoor.txt
Date: Thu, 21 Jan 1999 11:38:17 -0500 From: Wietse Venema To: [email protected] Subject: backdoored tcp wrapper source code TCP Wrappers is a widely-used security tool to protect UNIX systems against intrusion. It has an estimated installed base of millions. Today someone replaced the tcp...
mSQL.remote.txt
Date: Mon, 15 Feb 1999 04:56:24 -0500 From: Dave G. To: [email protected] Subject: KSRT Advisory 10: mSQL ServerStats KSRT Security Advisories http://www.ksrt.org [email protected] --- KSRT Advisory 010 Date: Feb. 15, 1999 ID : msql-info-010 Affected Program: mSQL Mini SQL 2.0.6 and below Operatin...
sshd.install.risks.txt
Date: Mon, 10 May 1999 22:26:19 +0200 From: "GWDVMS::MOELLER" Subject: Risks of upgrading a UNIX system When was the last time you rebuilt all privileged 'suid root' applications when upgrading a unix system, just in case? I'm pretty sure one can find 'small print' that demands this, however I'm...
CVE-2004-0912
...