golddig -- local buffer overflow vulnerabilities

Two buffer overflow vulnerabilities where detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution The...

CVE-2004-0884

CVE-2004-0884 affects the Cyrus-SASL libraries (libsasl and libsasl2) up to version 2.1.18. The vulnerability arises because these libraries trust the SASL_PATH environment variable to locate SASL plug-ins, allowing a local attacker to cause arbitrary code execution by pointing SASL_PATH to malic...

DSA-563-3 cyrus-sasl - unsanitised input

Bulletin has no description...

GLSA-200410-03 : NetKit-telnetd: buffer overflows in telnet and telnetd

The remote host is affected by the vulnerability described in GLSA-200410-03 NetKit-telnetd: buffer overflows in telnet and telnetd A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer...

CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...

GLSA-200409-18 : cdrtools: Local root vulnerability in cdrecord if set SUID root

The remote host is affected by the vulnerability described in GLSA-200409-18 cdrtools: Local root vulnerability in cdrecord if set SUID root Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By...

cdrecord fails to set proper permissions on programs specified in RSH environment variable

Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...

star fails to set proper permissions on programs specified in RSH environment variable

Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...

CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...

CVE-2004-1683

A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap...

CVE-2002-1414

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMINTEMPLATEDIR environment variable...

CVE-2002-1239

The CVE-2002-1239 issue affects QNX Neutrino RTOS 6.2.0 where a setuid root packager uses external commands without full paths, causing local privilege escalation by manipulating PATH to point to a malicious cp. The underlying problem is unvalidated PATH-based execution of external binaries, enab...

CVE-2001-0548

CVE-2001-0548 describes a buffer overflow in Solaris 2.6/7’s dtmail MUA triggered by the MAIL environment variable, allowing local users to gain privileges. Affected component: dtmail; impact: local privilege escalation (to the mail group). Underlying cause: insufficient boundary checking of envi...

CVE-2004-0089

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable...

CVE-2003-0088

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information...

GLSA-200408-24 : Linux Kernel: Multiple information leaks

The remote host is affected by the vulnerability described in GLSA-200408-24 Linux Kernel: Multiple information leaks The Linux kernel allows a local attacker to obtain sensitive kernel information by gaining access to kernel memory via several leaks in the /proc interfaces. These vulnerabilities...

Linux Kernel: Multiple information leaks

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

Mandrake Linux Security Advisory : webmin (MDKSA-2001:059)

Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

FreeBSD : lbreakout2 vulnerability in environment variable handling (87)

The following package needs to be updated: lbreakout2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgad4f6ca4672011d89fb5000a95bc6fae.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...