3888 matches found
CVE-1999-1445
Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords...
CVE-1999-1224
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT abort signal, which allows local users to crash the server imapd via certain sequences of commands, which causes a core dump that may contain sensitive password information...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
CVE-1999-1024
The CVE-1999-1024 entry concerns the ip_print path in tcpdump 3.4a. A packet with a zero-length header can trigger an infinite loop within ip_print, leading to a denial of service and core dump when tcpdump prints the packet. The vulnerability is network-transmissible and has a high impact as per...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
Security Advisory 2001-014: dump(8) exposes 'tty' group
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-014 ================================= Topic: dump8 exposes 'tty' group Version: NetBSD-current: source prior to August 8, 2001 NetBSD 1.5.1: affected NetBSD 1.5: affected NetBSD 1.4.x: all affected Severity: local users can gain tty...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
cold fusion 5.0 cfrethrow exploit
Vulnerable: Cold Fusion 5.0 Invulnerable: Versions of Cold Fusion below 5.0 do not seem to have the same problem. OS: Only tried on RedHat Linus 2.4.2-2 1 Allaire reports a Cold Fusion bug that can be found at this address: http://www.allaire.com/Handlers/index.cfm?ID=17560&Method=Full. The bug...
Caldera OpenUnix8 Overflows (reject, lpsystem, su)
I contacted Caldera SCO about some local overflows in a few binaries that came default with my install of OpenUnix8... Here is a snippet of the email dialog between us. Due to the lack of access to the machine and lack of a good debugger on the system, I have not had time to put any further...
CVE-2001-0421
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD command, which could release sensitive information such as shadowed...
CVE-2001-0373
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information...
CVE-2001-0421
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD command, which could release sensitive information such as shadowed...
CVE-2000-0375
The CVE-2000-0375 issue affects the FreeBSD 3.2 kernel. The vulnerability arises because the kernel follows symbolic links when creating core dump files, due to improper handling of symlinks. This allows a local attacker to modify arbitrary files (integrity impact: partial) by exploiting core dum...
CVE-2000-0375
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files...
Solaris /usr/bin/cu Vulnerability
Description The /usr/bin/cu command contains a buffer overflow, the problem occurs when it copy his own name argv0 to an internal variable without checking out its lenght and this causes the overflow. Vulnerable Versions Sun Solaris 2.4 Sun Solaris 2.5 Sun Solaris 2.5.1 Sun Solaris 2.6 Sun Solari...
dump 0.4b15 (RedHat 6.2) - Local Privilege Escalation
dump 0.4b15 RedHat 6.2 - Local Privilege Escalation / dump-0.4b15x.c dump-0.4b15 exploit: Redhat 6.2 dump command executes external program with suid priviledge. affected: /sbin/dump /sbin/dump.static /sbin/restore /sbin/restore.static Bug found by [email protected] This example was coded by...
dump 0.4b15 exploit (Redhat 6.2)
Exploit for linux platform in category local exploits ================================ dump 0.4b15 exploit Redhat 6.2 ================================ / dump-0.4b15x.c dump-0.4b15 exploit: Redhat 6.2 dump command executes external program with suid priviledge. affected: /sbin/dump /sbin/dump.stat...
dump 0.4b15 (RedHat 6.2) - Local Privilege Escalation
/ dump-0.4b15x.c dump-0.4b15 exploit: Redhat 6.2 dump command executes external program with suid priviledge. affected: /sbin/dump /sbin/dump.static /sbin/restore /sbin/restore.static Bug found by [email protected] This example was coded by [email protected] It was written for EDUCATION...
Nokia firewalls
Hi, Well I just unwrapped my shiny new Nokia IP440 integrated Firewall-1/IDS appliance and thought to give it a once over. It appears to be a older fBSD kernel + some firewall checkpoint 4.1 + some IDS ISS + remote admin SSH/http. Now these vulnerabilities all require an authenticated user,...
dump 0.4b15 Local Root Exploit
Exploit for linux platform in category local exploits ============================== dump 0.4b15 Local Root Exploit ============================== !/bin/sh Redhat 6.2 dump command executes external program with suid priviledge. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember,...