Mandrake Linux Security Advisory : openvpn (MDKSA-2006:069)

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

Buffer overflow

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATHINFO environment variable...

18ZLZA.txt

Summary: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 http://www.zonelabs.com/ Details: During Windows startup the TrueVector service vsmon.exe - an integral piece of most Zone Labs products is set to startup automatically. The TrueVector service runs und...

CVE-2006-0628

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATHINFO environment variable...

CVE-2006-0628

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATHINFO environment variable...

Stack overflow

Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long 1 ABLPATH or 2 ABLANG environment variables in the libAP library libAp.so.2 or 3 a long PHOTONPATH environment variable to the setitem function in the libph library...

Ubuntu 4.10 / 5.04 / 5.10 : sudo vulnerability (USN-235-2)

USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges. For referenc...

Buffer overflow

Unspecified vulnerability in Serial line sniffer aka slsnif 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow...

slsnif serial line sniffer buffer overflow

Buffer overflow on parsing HOME environment variable...

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-4864

Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable...

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

Linux printer drivers mtink buffer overflow

Buffer overflow on oversized HOME environment variable...

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

CVE-2005-4076

Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENTHOME environment variable...