35 matches found
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer...
CVE-2003-1033
The 1 instdbmsrv and 2 instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious...
CVE-2004-0074
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via 1 a long LANG environment variable, or 2 a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949...
TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (1)
// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute...
CVE-2003-0704
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVERKEXT environment variable in 1 vihadriver.sh, 2 macjackload.sh, 3 airojackload.sh, 4 setuidenable.sh, 5 setuiddisable.sh, and using a "similar...
GNU GNATS 3.113 - Environment Variable Buffer Overflow
GNU GNATS 3.113 - Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/8005/info It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. An attacker can exploit this vulnerability by setting an overly long...
CVE-2003-0337
The ckconfig command in lsadmin for Load Sharing Facility LSF 5.1 allows local users to execute arbitrary programs by modifying the LSFENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSFSERVERDIR to point to a malicious lim program, which lsadmin then executes...
CVE-2002-1506
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONFLANG environment variable, which overflows an error string that is generated...
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...
Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass
Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...
Libc locale - Local Privilege Escalation (2)
Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Oracle 8 8.1.5 - Intelligent Agent (1)
Oracle 8 8.1.5 - Intelligent Agent 1 source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...
Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow
Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence o...
SGI IRIX 6.4 - 'rmail' Local Privilege Escalation
source: https://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed with gid mail. rmail is used with uucp. The...