2668 matches found
Design/Logic Flaw
systerm.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...
Wireshark Multiple Vulnerabilities Feb-09 (Windows)
This host is installed with Wireshark and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkmultvulnfeb09win.nasl 4970 2017-01-09 15:00:59Z teissa $ Wireshark Multiple Vulnerabilities Feb-09 Windows Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Network...
CVE-2009-0641
systerm.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client,...
FreeBSD telnetd privilege escalation
LDxxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges. For remote exploitation it's required to have ability to upload the file to remote system via FTP, Web, etc...
FreeBSD telnetd sys_term.c Environment Variable Handling Privilege Escalation (FreeBSD-SA-09:05)
A flaw in the environment-handling code used by the telnet server running on the remote host fails to scrub the environment of variables such as 'LDPRELOAD' before calling the login program. An attacker who can place an arbitrary library on the remote host, either as a local user or remotely...
DEBIAN-CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...
CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...
[Full-disclosure] FreeBSD zeroday
FreeBSD 7.0-RELEASE telnet daemon local privilege escalation - And possible remote root code excution. There is a rather big bug in the current FreeBSD telnetd daemon. The environment is not properly sanitized when execution /bin/login, what leads to a possible remote root hole. The telnet protoc...
Code injection
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
pam-krb5 KRB5CCNAME环境变量本地权限提升漏洞
BUGTRAQ ID: 33741 CVECAN ID: CVE-2009-0361 pam-krb5提供了支持认证、授权、用户票据缓存处理等功能的Kerberos v5 PAM模块。 在刷新已有的用户凭据时pam-krb5会使用PAMREINITIALIZECREDS或PAMREFRESHCREDS调用pamsetcred,因此会使用已有的KRB5CCNAME环境变量确定已有的Kerberos凭据缓存。如果setuid应用程序没有首先调用PAMESTABLISHCREDS或丢弃权限便调用了这些API的话,pam-krb5就可能覆盖KRB5CCNAME指定给攻击者的文件并更改该文件的权限...
Design/Logic Flaw
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSLCLIENTCERT environment variable. NOTE: in some environments, SSLCLIENTCERT always has a base64-encoded string value, which may...
Design/Logic Flaw
pamkrb5 2.2.14 in Red Hat Enterprise Linux RHEL 5 and earlier, when the existingticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename a...
DEBIAN-CVE-2008-3908
Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...
Buffer overflow
Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...
CVE-2008-3908
Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. VID 045944a0-6bca-11d9-aaa6-000a95bc6fae OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Stack overflow
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running 1 verifydb, 2 iimerge, or 3 csrepor...
CVE-2008-3389
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running 1 verifydb, 2 iimerge, or 3 csrepor...