sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation

/ death-star.c sudo v1.8.0-1.8.3p1 sudodebug format string root exploit + glibc FORTIFYSOURCE bypass by aeon - http://infosecabsurdity.wordpress.com/ This PoC exploits: - CVE-2012-0864 - FORTIFYSOURCE format string protection bypass via "nargs" integer overflow - CVE-2012-0809 - sudo v1.8.0-1.8.3...

Mandriva Linux Security Advisory : x11-server (MDVSA-2013:139)

This fixes a format string vulnerability in the LogVHdrMessageVerb function in os/log.c when handling input device names in X.Org X11 server CVE-2012-2118. MBS1 is not vulnerable to arbitrary code execution via this vulnerability because of the compiler options that were used to build it, but it...

CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

DEBIAN-CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

Format string

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

CVE-2013-1848

Affected software: Linux kernel (fs/ext3/super.c) before 3.8.4. Root cause: incorrect arguments to functions related to printk input, enabling local users to perform format-string attacks and potentially gain privileges via a crafted application. Impact: local privilege escalation. Remediation: p...

CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

UBUNTU-CVE-2013-1848

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application...

VMware OVF Tool Format String Vulnerability (CVE-2012-3569)

A format string vulnerability has been reported in VMware OVF Tool...

Polycom HDX multiple security vulnerabilities

Format string vulnerability, SQL injection, code execution, privilege escalation...

n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines , which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines , which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

EMC AlphaStor Device Manager Format String (CVE-2013-0929)

A denial of service or executing arbitrary commands has been reported in EMC AlphaStor Device. The vulnerability is caused by insufficient sanitization when processing certain requests. A remote attacker could trigger this flaw by processing certain requests...

Vulnerability in VMware OVF Tool Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting VMware OVF Tool software version 2.1 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

EMC AlphaStor Device Manager 0x75 Command Remote Code Execution Vulnerability

This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager rrobotd.exe which listens by default on por...