72 matches found
TC-IDE unfiltered shell characters problem
Shell characters filtering problem on external program execution in multiple utilities...
a2ps -- insecure command line argument handling
Rudolf Polzer reports: a2ps builds a command line for file containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is...
RHEL 2.1 : mod_auth_any (RHSA-2003:114)
Updated mod_auth_any packages are available for Red Hat Enterprise Linux. These updated packages fix vulnerabilities associated with the manner in which mod_auth_any escapes shell arguments when calling external programs. The Web server module mod_auth_any allows the Apache httpd server to call arbitra...
Opete shell characters bug
Shell characters are not stripped on external program invocation...
Qpopper poppassd privilege escalation
During a call to an external program specified by the user, root privileges are not dropped...
SAP privilege escalation
A relative path is used on external program call...
Shell metacharacters in Simple WAIS 1.11
'|' is not escaped during external program execution...
Problem with dump in NetBSD (privilege escalation)
When calling an external program specified by the user, the tty egid is not dropped...
Hole in SAP R/3 (saposcol)
An absolute path is not specified when calling an external program, which allows obtaining root privileges...
More holes in CGI
Insufficient validation of user input when calling an external program...
Hole in modutils
Uncontrolled user input allows an external program to be called...
Redhat 6.2 dump command executes external program with suid privilege.
Problem: Linux dump command executes external program with suid privilege. 2. Tested Version dump-0.4b15 3. Example mat@localhost mat$ export TAPE=garbage:garbage mat@localhost mat$ export RSH=/home/mat/executethis mat@localhost mat$ cat /home/mat/executethis !/bin/sh cp /bin/sh /home/mat/sh...