7626 matches found
[SECURITY] [DSA-091-1] OpenSSH UseLogin vulnerability
Package: ssh. Problem type: influencing login. Debian-specific: no. If the UseLogin feature is enabled for ssh, local users could pass environment variables, including variables like LD_PRELOAD, to the login process. This has been fixed by not copying the environment if UseLogin is enabled. Please...
Buffer overflows in IODBC (buffer overflow)
Buffer overflow on a long DSN data source name. The data source is specified through an environment variable, which can lead to a problem, for example in the case of uninitialized PHP variables...
CVE-2001-0739
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges...
PHP variables passed from the browser are stored in global context
Overview: PHP is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default PHP stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
CVE-2001-1128
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables...
More bugs in many PHP scripts.
Uninitialized global variable bugs...
CVE-2001-0482
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl...
CVE-1999-1435
Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables...
Red Hat Linux restore uses insecure environment variables allowing root compromise
Overview: Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root. Description: Some implementations of the Linux restoration utility, restore...
Information leak in Webridge (information leak)
In case of an error, all server variables are displayed...
NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
NSFOCUS Security Advisory (SA2001-05). Topic: Solaris Xlock Heap Overflow Vulnerability. Release Date: 2001-08-10. CVE CAN ID: CAN-2001-0652. BUGTRAQ ID: 3160. Affected system: Sun Solaris 2.6 SPARC/x86, Sun Solaris 7 SPARC/x86, Sun Solaris 8 SPARC/x86. Impact: NSFOCUS Security...
Uninitialized PHP variables in Mambo Site Server (unauthorized access)
A classic PHP bug allows unauthorized administrative access...
Hole in Horde IMP (code execution)
Uninitialized PHP variables allow execution of a script specified by the attacker. There are also other vulnerabilities...
CVE-2000-0892
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL...
CVE-2001-1076
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable...
CVE-2001-1159
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message...
glibc unsetenv fails to properly handle environment variables passed more than once to a program
Overview: The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundantly passed to a program. Description: The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...
CVE-2001-0012
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables...
CVE-2000-1124
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables...