
30 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

CdRecord Version <= 2.0 - Mandrake local root exploit

No description provided by source. !/usr/bin/perl Cdrecord version 2.0 and local root exploit. wsxz@localhost buffer$ perl priv8cdr.pl 4 Using target number 4 Using Mr .dtors 0x808c82c Cdrecord 2.0 i586-mandrake-linux-gnu scsibus: -1 target: -1 lun: -1 Warning: Open by 'devname' is unintentional...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

FreeBSD 3.3,Linux Mandrake 7.0 'xsoldier' Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via ...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2012/09/06 12:0 a.m. | 20 views

Mandrake Linux Security Advisory : joe (MDKSA-2000:072)

When exiting joe in a non-standard way such as a system crash, closing an xterm, or a network connection going down, joe will unconditionally append its open buffers to the file DEADJOE. This can be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00138
Exploits: 1 | References: 1

Tenable Nessus
added 2012/09/06 12:0 a.m. | 18 views

Mandrake Linux Security Advisory : bind (MDKSA-2001:017)

Four problems exist in all versions of ISC BIND 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3 (9.x is not affected). Version 8.2.x contains a buffer overflow in transaction signature (TSIG) handling code that can be exploited by an attacker to gain unauthorized privileged access to the system,...

AI score: 6.5
Exploits: 0

Tenable Nessus
added 2012/09/06 12:0 a.m. | 20 views

Mandrake Linux Security Advisory : dhcp (MDKSA-2000:022-1)

All versions of the ISC DHCP client program, dhclient, are vulnerable to a root attack by a corrupt DHCP server. This version fixes the vulnerability. Versions of Linux Mandrake prior to 7.0, while including the ISC DHCP server, do not include the DHCP client and are therefore not subject to this...

AI score: 5.5
Exploits: 0

Tenable Nessus
added 2012/09/06 12:0 a.m. | 30 views

Mandrake Linux Security Advisory : bind (MDKSA-2000:067)

A vulnerability exists with the bind nameserver dealing with compressed zone transfers. This vulnerability can be exploited by authorized zone transfers and used in a DoS attack. The named daemon will crash if it receives this type of zone transfer from an authorized source address. The crash is...

CVSS: 5 | AI score: 5.4 | EPSS: 0.173
Exploits: 1 | References: 2

Tenable Nessus
added 2012/09/06 12:0 a.m. | 18 views

Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)

The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog calls that can be abused to either make the cfengine program segfault and die or t...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00921
Exploits: 0 | References: 1

Tenable Nessus
added 2012/09/06 12:0 a.m. | 31 views

Mandrake Linux Security Advisory : licq (MDKSA-2001:032-1)

Versions of Licq prior to 1.0.3 have a vulnerability involving the way Licq parses received URLs. The received URLs are passed to the web browser without any sanity checking by using the system function. Because of the lack of checks on the URL, remote attackers can pipe other commands with the...

CVSS: 7.5 | AI score: 6 | EPSS: 0.15144
Exploits: 0 | References: 2

Exploit DB
added 2009/11/12 12:0 a.m. | 42 views

Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat...

AI score: 7.4
Exploits: 0

exploitpack
added 2009/11/12 12:0 a.m. | 23 views

Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat...

AI score: 0.1
Exploits: 0

seebug.org
added 2009/04/21 12:0 a.m. | 72 views

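CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability

BUGTRAQ ID: 34571 CVE ID: CVE-2009-0163 CNCVE ID: CNCVE-20090163 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments based on the Internet Printing Protocol, providing services for most PostScript and raster printers. An integer overflow exists in the way CUPS processes TIFF images; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application....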

CVSS: 6.8 | AI score: 1.1 | EPSS: 0.0495
Exploits: 2

seebug.org
added 2008/10/28 12:0 a.m. | 41 views

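Python 'Imageop' Module Parameter Validation Buffer Overflow Vulnerability

BUGTRAQ ID: 31932 CNCAN ID: CNCAN-2008102806 Python is an open-source scripting language. Because of incorrect parameter validation in the Python 'Imageop' module, a remote attacker can exploit the vulnerability to cause a buffer overflow and trigger a segfault. No detailed vulnerability information is currently available; arbitrary code execution may be possible. Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...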

AI score: 6.9
Exploits: 0

Symantec
added 2005/06/29 12:0 a.m. | 108 views

XML-RPC for PHP Remote Code Injection Vulnerability

Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...

AI score: 8.1
Exploits: 0 | References: 29 | Affected Software: 47

0day.today
added 2005/05/17 12:0 a.m. | 13 views

Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed)

Exploit for linux platform in category local exploits ========================================================== Linux Mandrake ld.so.c uidt getuid return 0; EOF echo "+ done." echo "preparing shell program ..." cat sh.c include int mainint argc,char argv setreuid0,0; setgid0; unlink"/tmp/ld.so";...

AI score: 6.8
Exploits: 0

Tenable Nessus
added 2004/07/31 12:0 a.m. | 38 views

Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)

In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The...

CVSS: 5 | AI score: 7.9 | EPSS: 0.13072
Exploits: 0 | References: 2

Exploit DB
added 2003/05/14 12:0 a.m. | 39 views

CDRTools CDRecord 2.0 (Mandrake / Slackware) - Local Privilege Escalation

!/usr/bin/perl Cdrecord version 2.0 and local root exploit. wsxz@localhost buffer$ perl priv8cdr.pl 4 Using target number 4 Using Mr .dtors 0x808c82c Cdrecord 2.0 i586-mandrake-linux-gnu scsibus: -1 target: -1 lun: -1 Warning: Open by 'devname' is unintentional and not supported. /usr/bin/cdrecor...

AI score: 7
Exploits: 0

securityvulns
added 2002/02/19 12:0 a.m. | 22 views

CUPS ippRead() attribute name buffer overflow

cups-ippread-bo 8192 High Risk CUPS ippRead attribute name buffer overflow Description: Common Unix Printing System CUPS versions 1.1.13 and earlier are vulnerable to a denial of service attack caused by a buffer overflow in the handling of attribute names in the ippRead function. By setting a ve...

AI score: 2.3
Exploits: 0

securityvulns
added 2001/12/28 12:0 a.m. | 217 views

Mozilla personal security manager /tmp issues

Playing with /tmp a bit this morning I ran into the following issue in mozilla... with mozilla open root@linuxppc root fuser -n file /tmp/.nsmc-0-lock /tmp/.nsmc-0-lock: 3220 3223 3224 3226 3227 3228 3229 root@linuxppc root ps -ef | grep 3220 root 3220 1 0 12:42 ? 00:00:00 ./psm sh-2.05$ id...

AI score: 0.7
Exploits: 0

Packet Storm
added 2001/07/18 12:0 a.m. | 18 views

ml85p.sh

Why code the exploit in C if you were just going to sprintf; system everything anyway? This is a bad exploit for a lame bug. I found this in April and wrote this exploit to muck around with /etc/ld.so.preload as a means of elevating privileges from symlink attacks locally. Old news but still. thi...

AI score: 7.4
Exploits: 0

securityvulns
added 2001/04/29 12:0 a.m. | 20 views

MDKSA-2001:043 - rpmdrake update

Linux-Mandrake Security Update Advisory Package name: rpmdrake Date: April 27th, 2001 Advisory ID: MDKSA-2001:043 Affected versions: 8.0 Problem Description: A temporary file vulnerability exists in rpmdrake. This updated rpmdrake corrects the problem...

AI score: 6.8
Exploits: 0