2058 matches found
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service, both remotely and locally, by generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is...
DataLynx suGuard 1.0 - Local Privilege Escalation
source: https://www.securityfocus.com/bid/186/info A vulnerability exists within the DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming. !/bin/sh sgrun exploit - the types of vulnerabilities...
Sendmail 8.9.2 - Headers Prescan Denial of Service
/ against.c - Another Sendmail and pine ;- DoS up to 8.9.2 c 1999 by Usage: ./against existinguseronvictimhost victimhost Example: ./against nobody lamers.net / include include include include include include include include include include inclu...
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (1)
// source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, an attacker can use it to execua...
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c':...
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c':...
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c': sprintfbuf, "%s/LCK..%s", PATHLOCKD, nam; -----...
Apple Personal Web Sharing 1.1 - Remote Denial of Service
source: https://www.securityfocus.com/bid/84/info There appears to be a buffer overflow in Apple's Personal Web Sharing 1.1. If you connect to its TCP port number 80 and send it a string over three thousand bytes long followed by two retur...
Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC)
/ source: https://www.securityfocus.com/bid/388/info The icount member in the Linux inode structure is an unsigned short integer. It can be overflowed by mapping a single file too many times, allowing for a local user to possibly gain root access on the target machine or cause a denial of service...
IRIX 5.36.x - /usr/bin/mail Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/1542/info The mail1 program, also known as mailatt, is used to read or send email. A buffer overflow condition exists in code that handles the LOGNAME environment variable. This could be exploited to elevate...
IBM AIX 4.2 - 'ping' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/387/info A buffer overflow condition exists in some versions of /usr/sbin/ping under AIX. Given that ping is SUID root, this overflow allows malicious users to gain root from it. / /usr/sbin/ping exploit kinda' coded by BeastMaster V CREDITS: this is...
IBM AIX 4.2 - ping Local Buffer Overflow
// source: https://www.securityfocus.com/bid/387/info A buffer overflow condition exists in some versions of /usr/sbin/ping under AIX. Given that ping is SUID root, this overflow allows malicious users to gain root from it. / /usr/sbin/ping exploit kinda'...
IBM AIX 4.2 - /usr/sbin/lchangelv Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/389/info A buffer overflow can occur in lchangelv under some versions of AIX. Note that an attacker must already have the GID or EGID of 'system' to execute lchangelv. Because lchangelv is SUID root,...
Solaris 2.4 passwd yppasswd nispasswd - Local Overflow
---------------------------- file newpass.c ------------------------------- include include define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc MAXLENGTH printf"You...
zgv $HOME overflow
Exploit for linux platform in category local exploits / zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strange reason, the filename length of this particular exploit must be one character long, otherwise you will be drop...
Dan Bernstein QMail 1.0 3 - RCPT Denial of Service (2)
// source: https://www.securityfocus.com/bid/2237/info qmail is an e-mail server package developed by Dan Bernstein. The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field RCPT, qmail will stop responding. This behaviour is due to...
Dan Bernstein QMail 1.0 3 - RCPT Denial of Service (1)
source: https://www.securityfocus.com/bid/2237/info qmail is an e-mail server package developed by Dan Bernstein. The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field RCPT,...
AIX 4.2 /usr/dt/bin/dtterm Local Buffer Overflow Exploit
Exploit for aix platform in category local exploits include include include char prog100="/usr/dt/bin/dtterm"; char...
Slackware Linux 3.1/3.2 - color_xterm Local Buffer Overflow (1)
source: https://www.securityfocus.com/bid/369/info In Slackware Linux 3.1 and 3.2, the version of color xterm included is vulnerable to a buffer overflow attack that allows for a local user to gain root access. / exploit for colorxterm,...
Slackware Linux 3.1/3.2 - 'color_xterm' Local Buffer Overflow (1)
source: https://www.securityfocus.com/bid/369/info In Slackware Linux 3.1 and 3.2, the version of color xterm included is vulnerable to a buffer overflow attack that allows for a local user to gain root access. / exploit for colorxterm, modified by zgv / / original exploit coded by Ming Zhang for...