42 matches found
Fedora 42 : toolbox (2025-e41c694c83)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e41c694c83 advisory. Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum...
CVE-2003-0830
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable...
SUSE CVE-2003-0454
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable...
SUSE CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...
Command Injection
Overview chrome-launcher is a library to launch Google Chrome with ease from node. Affected versions of this package are vulnerable to Command Injection. By controlling the $HOME environment variable in Linux operating systems, an attacker can execute arbitrary code. PoC: var maliciouscode = '&...
Design/Logic Flaw
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the buildd directory and consequently reads the system configuration file from the buildd directory, which allows...
NetKit-telnetd: buffer overflows in telnet and telnetd
Background NetKit-telnetd is a standard Linux telnet client and server from the NetKit utilities. Description A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer. Additionaly, another possibl...
CVE-2004-0158
Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to 1 editor.c, 2 theme.c, 3 manager.c, 4 config.c, 5 game.c, 6 levels.c, or 7 main.c...
CVE-2003-0830
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable...
Freesweep buffer overflow
Buffer overflow during HOME variable parsing...
DEBIAN-CVE-2003-0454
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable...
Youbin 2.5/3.0/3.4 - 'HOME' Buffer Overflow
source: https://www.securityfocus.com/bid/7503/info It has been reported that youbin is vulnerable to a locally exploitable buffer overflow. The problem is said to occur while processing environment variables. Specifically, an internal memory buffer may be overrun while handling a HOME environmen...
CVE-1999-1490
CVE-1999-1490 affects xosview 1.5.1 in Red Hat 5.1. The issue is a local privilege escalation where an overly long HOME environmental variable enables a non-privileged user to gain root access. The root cause is not expanded in the provided documents beyond the environmental variable manipulation...
CVE-2003-0034
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable...
ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Home Environment Variable Buffer Overflow For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: By setting a long ORACLEHOME value more...
CVE-1999-1534
CVE-1999-1534 affects Knox Arkeia Backup Server (backup product) with a local buffer overflow in nlservd and rnavc, exploitable via a long HOME environment variable to obtain root privileges. Descriptions across sources consistently indicate local access and root compromise; no concrete remediati...
CVE-2001-0422
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable...
CVE-2000-0794
Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as 1 gmemusage and 2 grosview...
CVE-2000-0230
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable...
SuSE_overflow_exploit.txt
Greetings, My last post regarding a sccw exploit simply allowed any user to read any file on the system but, of course, didn't yield any instant root. A much more serious problem now exists in the form of a HOME environment variable buffer overflow. If you hadn't removed the s-bit before, now is...