Mandrake Linux 8.2 - usrmail Local Overflow
#!/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl offset Then enter "." dot and press 'Enter' Example: satan@localhost my$ perl d86mail.pl eip: 0xbffffddd .enter Cc: too long to edit sh-2.05$ $shellcode =...
CVE-2002-1117
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares...
Happy Labor Day from Snosoft
For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these...
Informix SE-7.25 /lib/sqlexec Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Title: Local Vulnerability in Informix SE-7.25 Date: 21-04-2002 Platform: Only tested in Linux but can be exported to others. Impact: Users with exec perm over /lib/sqlexec can obtain euid=0 Author: Juan Manuel Pascual Escriba [email protected] Status: Vendor...
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...
More SWF vulnerabilities?
Vulnerable systems: unpatched "standalone Flash players" Macromedia Shockwave Flash player versions before January 2002? Fix: "In response to the discovery of the virus, in January Macromedia released an update to its standalone Flash player that causes the player to ignore the "exec" action."...
FreeBSD-SA-02:08.exec
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:08 Security Advisory FreeBSD, Inc. Topic: race condition during exec may allow local root compromise Category: core Module: kernel Announced: 2002-01-24 Credits: Logan...
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation
source: https://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in its exec implementation that may allow for modification of setuid process memory via ptrace. The vulnerability is due to the fact that it is possible for a traced process to exec a setuid image if the tracing...
Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-009 ================================= Topic: Race condition between sugid-exec and ptrace(2) Version: All official releases up to and including 1.5 Severity: Local user may gain superuser privileges Fixed: NetBSD-current: June 15, 200...
Signal handler problems in FreeBSD
During exec, not all signal handlers are cleared, which makes it possible to inject one's own code into a suid application...
CVE-2000-0573
Summary (CVE-2000-0573) The vulnerability affects Wu-ftpd prior to 2.6.1, where the lreply/SITE EXEC (and SITE INDEX) path does not sanitize an untrusted format string. This allows remote attackers to execute arbitrary code (reported as root access) by sending crafted SITE EXEC/INDEX commands. Pu...
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because ...
Tru64 5 (su) Env Local Stack Overflow Exploit
Exploit for tru64 platform in category local exploits ============================================= Tru64 5 su Env Local Stack Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...
Tru64 5 - su Env Local Stack Overflow
/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...
Format string input validation error in wu-ftpd site_exec() function
Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
// source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a...
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)
// source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Becau...
WU-FTPD site_exec() Function Remote Format String
The version of WU-FTPD hosted on the remote server does not properly sanitize the argument of the SITE EXEC command. It may be possible for a remote attacker to gain root access. This script was written by Alexis de Bernis Changes by Tenable: - rely on the banner if we could not log in - changed...
Remote root via WU-FTPD
Classic buffer overflow in site exec...
CVE-1999-0561
CVE-1999-0561 affects IIS where the #exec function is enabled for Server Side Include (SSI) files. The root cause is the SSI #exec handling, enabling potential command execution. Affected product: IIS; vulnerability details and exploitation status are not fully provided in the supplied documents....