459 matches found
CVE-1999-0841
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type...
Solaris 7.0 - CDE dtmailmailtool Buffer Overflow
Solaris 7.0 - CDE dtmailmailtool Buffer Overflow // source: https://www.securityfocus.com/bid/832/info here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type...
Solaris 7.0 - CDE dtmail/mailtool Buffer Overflow
// source: https://www.securityfocus.com/bid/832/info here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type: field, which would look something like this:...
CVE-1999-0112
CVE-1999-0112 describes a buffer overflow in the AIX dtterm program used by the CDE. Affected: AIX dtterm (CDE component). Root cause: buffer overflow. Impact: CVSS v2 base score 7.2; impacts confidentiality, integrity, and availability; exploit is local with no authentication and no user interac...
CVE-1999-0014
CVE-1999-0014 affects the dtappgather component of CDE. The connected records consistently describe the issue as enabling unauthorized privileged access or denial of service via dtappgather. The available documents do not provide specifics on affected products, versions, root cause details, explo...
dtaction.digital.unix.vuln.txt
Zack Hubert [email protected] Sent: Thursday, September 16, 1999 12:39 PM Subject: Vulnerability in dtaction on Digital Unix I have verified that the dtaction vulnerability in CDE can be exploited for local root compromise on Digital Unix systems. Background -------------- This is a followup to th...
dtspcd_vuln.txt
Subject: Vulnerability in dtspcd To: [email protected] Hello, I discovered the following security problem in dtspcd, part of CDE: Description ----------- The CDE subprocess daemon /usr/dt/bin/dtspcd contains an insufficient check on client credentials. Impact ------ The insufficient check...
ttsession_vuln.txt
Subject: Vulnerability in ttsession To: [email protected] Hello, I discovered the following security problem in ttsession, part of CDE: Description ----------- The ToolTalk session daemon ttsession does not properly check client credentials. Impact ------ The insufficient check can lead t...
CVE-1999-0689
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack...
DIGITAL UNIX 4.0 def AIX 4.3.2 CDE 2.1 IRIX 6.5.14 Solaris 7.0 - Local Buffer Overflow
DIGITAL UNIX 4.0 def AIX 4.3.2 CDE 2.1 IRIX 6.5.14 Solaris 7.0 - Local Buffer Overflow / source: https://www.securityfocus.com/bid/635/info TRU64/DIGITAL UNIX 4.0 d/e/f,AIX include include include define BUFLEN 998 char exploitcode =...
DIGITAL UNIX 4.0 df AIX 4.3.2 CDE 2.1 IRIX 6.5.14 Solaris 7.0 SunOS 4.1.4 - Local Buffer Overflow
DIGITAL UNIX 4.0 df AIX 4.3.2 CDE 2.1 IRIX 6.5.14 Solaris 7.0 SunOS 4.1.4 - Local Buffer Overflow / source: https://www.securityfocus.com/bid/641/info TRU64/DIGITAL UNIX 4.0 d/f,AIX Somehow the overflow is very sensitive to caching of the stack. To see that it really does work, run it in a debugg...
DIGITAL UNIX 4.0 d/e/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 - Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/635/info TRU64/DIGITAL UNIX 4.0 d/e/f,AIX include include include define BUFLEN 998 char exploitcode = "\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0" "\x8d\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff"...
CDE RPC tooltalk Service Multiple Overflows
The tooltalk RPC service is running. A possible implementation fault in the ToolTalk object database server may allow an attacker to execute arbitrary commands as root. This warning may be a false positive since the presence of this vulnerability is only accurately identified with local access. C...
du.4.0e.var.perms.txt
Date: Sun, 4 Apr 1999 20:31:12 +0300 From: Harhalakis Stefanos To: [email protected] Subject: Digital Unix 4.0E /var permission On Digital Unix 4.0E with the latest patch kit aplied, after a new installation /var has g+w for group system. Anyone that can crack any account with gid==system may...
CVE-1999-0690
HP CDE program includes the current directory in root's PATH variable...
CVE-1999-0696
Buffer overflow in CDE Calendar Manager Service Daemon rpc.cmsd...
Sun Solaris 7.0 - usrdtbindtprintinfo Local Buffer Overflow
Sun Solaris 7.0 - usrdtbindtprintinfo Local Buffer Overflow / source: https://www.securityfocus.com/bid/249/info The dtprintinfo is a setuid commands open the CDE Print Manager window. A stack based buffer overflow in the handling of the "-p" option allow the execution of arbitrary code as root...
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/249/info The dtprintinfo is a setuid commands open the CDE Print Manager window. A stack based buffer overflow in the handling of the "-p" option allow the execution of arbitrary code as root. This vulnerablity has been assigned Sun Bug 4139394. The...
CVE-1999-1025
CDE screen lock program screenlock on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string...