CVE-2006-6418

Buffer overflow in the POSIX Threads library libpthread on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREADCONFIG environment variable...

OpenBSD LD.SO本地环境变量清除漏洞

OpenBSD是一款开放源代码的操作系统。 OpenBSD ELF ld.so1不正确过滤环境变量，本地攻击者可以利用漏洞绕过安全设置或可能造成任意指令执行。 目前没有详细漏洞细节提供。 penBSD OpenBSD 4.0 OpenBSD OpenBSD 3.9 补丁下载： OpenBSD OpenBSD 4.0 OpenBSD 005ldso.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/005ldso.patch OpenBSD OpenBSD 3.9 OpenBSD 016ldso.patch...

GLSA-200611-15 : qmailAdmin: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200611-15 qmailAdmin: Buffer overflow qmailAdmin fails to properly handle the 'PATHINFO' variable in qmailadmin.c. The PATHINFO is a standard CGI environment variable filled with user-supplied data. Impact : A remote attacker coul...

HP Tru64 Unix libpthread buffer overflow

Buffer overflow on parsing PTHREADCONFIG environment variable...

Apple MacOS X Xcode OpenBase SQL privilege escalation

On executing tar from suid root application TAROPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem...

CVE-2006-5466

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...

CVE-2006-5466

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...

DEBIAN-CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

Resolv+ (RESOLV_HOST_CONF) Linux Library Local Exploit

No description provided by source. setenv RESOLVHOSTCONF /etc/shadow; ping adfas...

FreeBSD TOP Format String Vulnerability

No description provided by source. / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" ...

CVE-2006-5556

Buffer overflow in the localtimer function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable...

HP-UX LIBC TZ环境变量本地溢出漏洞

HP-UX是一款HP公司开发的UNIX操作系统。 HP-UX的LIBC实现在处理TZ环境变量时存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升权限。 由于没有在localtimer及相关函数中执行充分的边界检查，HP-UX的libc库在处理TZ环境变量时存在栈溢出漏洞。任何使用timezone函数的suid或sgid程序都受这个漏洞影响。成功攻击可能导致权限提升。 HP HP-UX B.11.11 HP HP-UX B.11.04 HP HP-UX B.11.00 HP已经为此发布了一个安全公告（HPSBUX02091）以及相应补丁: HPSBUX02091：SSRT061099 rev...

HP-UX 11i - LIBC TZ Enviroment Variable Privilege Escalation

HP-UX 11i - LIBC TZ Enviroment Variable Privilege Escalation / HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

Debian DSA-1075-1 : awstats - programming error

Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DSA 1058 accidentally, it was not fixed yet. The new default behaviour is not to acce...

Sun Solaris NSPR library privilege escalation

Environment variable is used for log filename...

AIX 5.1 : IY27322

The remote host is missing AIX Critical Security Patch number IY27322 SECURITY: Environment variable name string too short.. You should install this patch for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...