2641 matches found
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...
RedHat 0.4 b15 restore - Insecure Environment Variables
RedHat 0.4 b15 restore - Insecure Environment Variables source: https://www.securityfocus.com/bid/1914/info restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions. The problem...
RedHat 0.4 b15 restore - Insecure Environment Variables
source: https://www.securityfocus.com/bid/1914/info restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions. The problem occurs in the RSH environment variable. restore is...
XFree86 3.3.5/3.3.6 - Xlib Display Buffer Overflow
source: https://www.securityfocus.com/bid/1805/info A vulnerability exists in xlib, the C language interface to the X Window System protocol. When applications linked to the xlib library are run, user-supplied values for the DISPLAY environment variable and the command-line argument -display are...
Серьезная уязвимость многих Unix через locale в glibc
Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...
OpenBSD 2.x - fstat Format String
OpenBSD 2.x - fstat Format String // source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. A...
Дырка в catopen (libc)
В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...
telnet and rlogin URLs disclose sensitive information, including Environment variables
Overview Some telnet clients may disclose sensitive information in environment variables Description Web browsers can be configured to respond to certian protocol types through the use of a helper application. In this case, web browsers can respond to telnet: URLs with the use of a helper...
tco.txt
Synnergy Laboratories Advisory SLA-2000-14 NAME BSD/Linux telnet client overflow AFFECTED Linux Debian Redhat Mandrake Slackware possibly others BSD FreeBSD possible others SYNOPSIS Synnergy Labs has found a bug in the telnet client that causes a stack overflow by filling the DISPLAY environment...
Libc locale - Local Privilege Escalation (2)
Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
CVE-2000-0331
Buffer overflow in Microsoft command processor CMD.EXE for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability...
CVE-2000-0331
CVE-2000-0331 affects Microsoft CMD.EXE on Windows NT and Windows 2000. The vulnerability is a buffer overflow caused by a long environment variable, enabling a local user to cause a denial of service. The available documents provide the root cause and impact but do not specify a remediation or p...
IRIX 5.25.36.x - TelnetD Environment Variable Format String
IRIX 5.25.36.x - TelnetD Environment Variable Format String // source: https://www.securityfocus.com/bid/1572/info A vulnerability exists in the telnet daemon shipped with Irix versions 6.2 through 6.5.8, and in patched versions of the telnet daemon in Irix 5.2 through 6.1, from Silicon Graphics...
Дырка в BRU Backup
имя лог-файла определяется переменной среды окружения $ BRUEXECLOG=/etc/passwd, что позволяет переписать любой файл в системе, т.к. приложение suid root...
BRU Vulnerability
BRU backup software Vulnerability: Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system. Exploitation: $ BRUEXECLOG=/etc/passwd $ export BRUEXECLOG $ bru -V ' comsec::0:0::/:/bin/sh ' $...
BRU 15.116.0 - BRUEXECLOG Environment Variable
BRU 15.116.0 - BRUEXECLOG Environment Variable source: https://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter...
BRU 15.1/16.0 - BRUEXECLOG Environment Variable
source: https://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter and create files on the filesystem. As BRU is...
KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow
// source: https://www.securityfocus.com/bid/1274/info /usr/bin/kdesud has a DISPLAY environment variable overflow which could allow for the execution of arbitrary code. / KDE: /usr/bin/kdesud exploit by noir x86/Linux [email protected] | [email protected] DISPLAY env overflow this script will...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...
CVE-1999-0782
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable...