Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass

Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the...

Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass

Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...

CVE-2002-0905

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable...

solaris.login.txt

Hello, Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq and a patch has been released by Sun. However, a very simple exploit, which does not require any code to be compiled by an attacker,...

CVE-2002-1128

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable...

HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (2)

source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via a...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (1)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 1 // source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. ...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (2)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 2 // source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. ...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (3)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 3 source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A...

Buffer overflow in linuxconf

Buffer overflow in environment variable parsing...

Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)

source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has been reported for Linuxconf. The...

qmailadmin SUID buffer overflow

qmailadmin is not part of qmail. It's from http://inter7.com/qmailadmin/ and I guess you can download from there and play with it, although the versions I am using were built from the FreeBSD ports tree and also from a Linux RPM I grabbed from:...

qmailadmin 1.0.x - Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on others. qmailadmin fails to...

HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)

source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via a...

CVE-2002-0043

This CVE affects sudo versions 1.6.0–1.6.3p7. The issue is that sudo does not properly clear the environment before calling the mail program, allowing a local user to gain root privileges by manipulating environment variables and how the mail program is invoked. Documented impact is local privile...

CVE-2002-0143

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable...

Another flaw in Apache?

Hello. While playing with the SetEnv directive with Apache, I noticed that httpd processes are dying with a signal 11 if the data stored in an environment variable was too long. I simply triggered the bug by creating a .htaccess file so a regular user can do it with : SetEnv DATELOCALE "..." The...

QNX RTOS 6.1 - usrphotonbinphlocale Environment Variable Buffer Overflow

QNX RTOS 6.1 - usrphotonbinphlocale Environment Variable Buffer Overflow / source: https://www.securityfocus.com/bid/4917/info The QNX phlocale utility is prone to an exploitable buffer overflow condition. This is due to insufficient bounds checking of the ABLANG environment variable. Exploitatio...

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow 2 source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string...

IRIX rpc/HOSTALIASES vulnerability

Malformed RPC packet can result DoS against system. Priveleged application can be overflowed by HOSTALIASES environment variable resulting to local privelege elevation...