Lucene search

2668 matches found

Prion
added 2009/02/20 6:47 a.m., 18 views

Design/Logic Flaw

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...

CVSS: 9.3, AI score: 8.2, EPSS: 0.09355
Exploits: 1, References: 5, Affected Software: 1
OpenVAS
added 2009/02/20 12:00 a.m., 20 views

Wireshark Multiple Vulnerabilities Feb-09 (Windows)

This host is installed with Wireshark and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkmultvulnfeb09win.nasl 4970 2017-01-09 15:00:59Z teissa $ Wireshark Multiple Vulnerabilities Feb-09 Windows Authors: Sujit Ghosal Copyright: Copyright (c) 2009 Greenbone Network...

CVSS: 5, AI score: 6.3, EPSS: 0.02625
Exploits: 2, References: 3
Cvelist
added 2009/02/18 5:00 p.m., 24 views

CVE-2009-0641

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...

AI score: 7.5, EPSS: 0.09355
Exploits: 1, References: 5
securityvulns
added 2009/02/17 12:00 a.m., 27 views

FreeBSD telnetd privilege escalation

LDxxx environment variables are not cleared on 'login' execution, making it possible to execute code with root privileges. For remote exploitation, the ability to upload a file to the remote system via FTP, Web, etc. is required...

AI score: 4
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2009/02/17 12:00 a.m., 44 views

FreeBSD telnetd sys_term.c Environment Variable Handling Privilege Escalation (FreeBSD-SA-09:05)

A flaw in the environment-handling code used by the telnet server running on the remote host fails to scrub the environment of variables such as 'LD_PRELOAD' before calling the login program. An attacker who can place an arbitrary library on the remote host, either as a local user or remotely...

CVSS: 9.3, AI score: 5.9, EPSS: 0.09355
Exploits: 1, References: 3
OSV
added 2009/02/16 8:30 p.m., 1 view

DEBIAN-CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable...

CVSS: 2.1, AI score: 6.4, EPSS: 0.00371
Exploits: 0, References: 1
Cvelist
added 2009/02/16 8:00 p.m., 26 views

CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable...

AI score: 5.8, EPSS: 0.00371
Exploits: 0, References: 10
securityvulns
added 2009/02/16 12:00 a.m., 31 views

[Full-disclosure] FreeBSD zeroday

FreeBSD 7.0-RELEASE telnet daemon local privilege escalation - And possible remote root code execution. There is a rather big bug in the current FreeBSD telnetd daemon. The environment is not properly sanitized when executing /bin/login, which leads to a possible remote root hole. The telnet protoc...

AI score: 0.6
Exploits: 0
Prion
added 2009/02/13 5:30 p.m., 15 views

Code injection

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

CVSS: 4.6, AI score: 6.7, EPSS: 0.00381
Exploits: 1, References: 20, Affected Software: 1
OSV
added 2009/02/13 5:30 p.m., 8 views

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

AI score: 6.1
Exploits: 0, References: 20
Debian CVE
added 2009/02/13 5:00 p.m., 41 views

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

CVSS: 4.6, AI score: 8.7, EPSS: 0.00381
Exploits: 1
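seebug.org
added 2009/02/13 12:00 a.m., 55 views

pam-krb5 KRB5CCNAME Environment Variable Local Privilege Escalation Vulnerability

BUGTRAQ ID: 33741 CVE(CAN) ID: CVE-2009-0361 pam-krb5 is a Kerberos v5 PAM module that supports authentication, authorization, user ticket cache handling, and related functions. When refreshing existing user credentials, pam-krb5 calls pam_setcred with PAMREINITIALIZECREDS or PAMREFRESHCREDS, and therefore uses the existing KRB5CCNAME environment variable to locate the existing Kerberos credential cache. If a setuid application calls these APIs without first calling PAMESTABLISHCREDS or dropping privileges, pam-krb5 may overwrite the file that the attacker specifies through KRB5CCNAME and change that file's permissions...

CVSS: 4.6, AI score: 9.4, EPSS: 0.00381
Exploits: 1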
Prion
added 2008/12/23 6:30 p.m., 16 views

Design/Logic Flaw

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may...

CVSS: 10, AI score: 8.2, EPSS: 0.03007
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2008/10/03 3:07 p.m., 20 views

Design/Logic Flaw

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename a...

CVSS: 4.4, AI score: 6.5, EPSS: 0.00353
Exploits: 0, References: 16, Affected Software: 2
OSV
added 2008/09/04 5:41 p.m., 1 view

DEBIAN-CVE-2008-3908

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...

CVSS: 10, AI score: 8.2, EPSS: 0.04429
Exploits: 0, References: 1
Prion
added 2008/09/04 5:41 p.m., 8 views

Buffer overflow

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...

CVSS: 10, AI score: 7.8, EPSS: 0.04429
Exploits: 0, References: 12, Affected Software: 1
OSV
added 2008/09/04 5:41 p.m., 4 views

CVE-2008-3908

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet...

AI score: 7.5
Exploits: 0, References: 12
OpenVAS
added 2008/09/04 12:00 a.m., 5 views

FreeBSD Ports: sudo

The remote host is missing an update to the system as announced in the referenced advisory. VID 045944a0-6bca-11d9-aaa6-000a95bc6fae OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

AI score: 7.4
Exploits: 0
Prion
added 2008/08/05 7:41 p.m., 12 views

Stack overflow

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csrepor...

CVSS: 4.6, AI score: 7.5, EPSS: 0.00444
Exploits: 1, References: 11, Affected Software: 1
Cvelist
added 2008/08/05 7:20 p.m., 27 views

CVE-2008-3389

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csrepor...

AI score: 6.8, EPSS: 0.00444
Exploits: 1, References: 11