TRU64 formal disclosure from Snosoft.
Strategic Reconnaissance Team Security Advisory SRT2002-09 Topic: Compaq Tru64 Unix Multiple Buffer Overflows Vendor: HP/Compaq Release Date: 09/04/2002 Author: [email protected] Primary Research by: [email protected]...
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
Overview The HP Tru64 Unix operating system contains multiple buffer overflow vulnerabilities. Description A vulnerability exists in the way in which the libc libraries handle environment variables in the HP Tru64 UNIX operating system. As a result, local attackers may be able to execute arbitrar...
Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Original release date: June 28, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Applications using vulnerable implementations of the Domain Name...
CVE-2001-0976
HP Process Resource Manager (PRM) C.01.08.2 and earlier, used by HP-UX Workload Manager (WLM), is vulnerable to local privilege escalation via manipulated libraries or environment variables. Root privileges can be gained by a local user due to the underlying insecure handling of library paths and...
CVE-2001-0976
Vulnerability in HP Process Resource Manager PRM C.01.08.2 and earlier, as used by HP-UX Workload Manager WLM, allows local users to gain root privileges via modified libraries or environment variables...
CVE-1999-1477
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack...
CVE-1999-1477
CVE-1999-1477: Buffer overflow in GNOME libraries 1.0.8 permits a local user to gain root access via a long --espeaker argument, observed in programs such as nethack. The available documents confirm the affected component is GNOME libraries (version 1.0.8) and the attack requires local access; ro...
Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory
Overview Aladdin Ghostscript, a previewer for PostScript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory. Description Aladdin Ghostscript is a previewer for PostScript files. In...
ld.so fails to unset LD_PRELOAD before executing suid root programs
Overview ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LD_PRELOAD before loading suid root programs for...
glibc does not check SUID bit on libraries in /etc/ld.so.cache
Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable,...
Hole in the PHP 4 imap module
Buffer overflow when working with external libraries...
[SECURITY] [DSA 037-1] New versions of Athena Widget replacement libraries available
Debian Security Advisory DSA-037-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 Package : nextaw, xaw3d,...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any...
CVE-2000-1163
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript...
Solaris/SPARC 2.7 lpset exploit (well not likely !)
Hi, lpset seems to use strcat to pass the argument for -r flag /usr/lib/print/lib/../../../../tmp/foo and appends .so to the end. In this case /tmp/foo.so is going to be dlopen but there is a special case /usr/lib/print/lib directory has to exist. xploit shell script is attached. $ uname -a SunOS...
SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow
SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow // source: https://www.securityfocus.com/bid/884/info SCO Openserver and SGI IRIX 6.2 confirmed, possibly others are vulnerable to several buffer overflows in various shared libraries related to the X...
SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/884/info SCO Openserver and SGI IRIX 6.2 confirmed, possibly others are vulnerable to several buffer overflows in various shared libraries related to the X window system. This means that all programs which link to these libraries could be vulnerable to...
CVE-1999-0073
CVE-1999-0073 describes a vulnerability where a remote Telnet client can specify environment variables, including LD_LIBRARY_PATH, allowing an attacker to bypass normal system libraries and gain root access. The connected Red Hat, CVE, EUVD, and CVE list entries corroborate this description. The ...
CVE-1999-0073
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access...
linux_GNOME_exploit.txt
Greetings, Virtually any program using the GNOME libraries is vulnerable to a buffer overflow attack. The attack comes in the form: /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer The following exploit should work against any GNOME program, though I tried it on the irony...