4065 matches found
CVE-1999-1408
CVE-1999-1408 affects AIX 4.1.4 and HP-UX 10.01 and 9.05. The vulnerability arises when a local user opens a socket to a localhost port, calls shutdown to clear the socket, and then reuses the same socket to connect to a different localhost port, which can trigger a denial of service (crash). The...
CVE-1999-1272
CVE-1999-1272 concerns buffer overflows in the CDROM Confidence Test program (cdrom), enabling local users to gain root privileges. The provided sources describe the vulnerability as local, with root-level impact, but no remediation or patch details are included in the documents. Potential exploi...
BSDI 3.0/3.1 - Local Kernel Denial of Service
/ source: https://www.securityfocus.com/bid/3220/info It has been reported that there is a locally exploitable vulnerability in BSDI. It is allegedly possible for a userland process to cause the kernel to halt. This may be due to a bad system call. / / BSDiv3.0/3.1 system failure, by...
Local exploit for TrollFTPD-1.26
Affects: TrollFTPD 1.26 probably earlier Severity: local users can gain root access. Fix: upgrade to TrollFTPD-1.27 Fix URL: ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz Description: An error in the handling of recursive directory listings can result in an exploitable buffer...
nerf.iis.dos.txt
--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Opening and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...
Solaris whodo Vulnerability
Vulnerability in Solaris whodo Date Published: July 5, 2001 Advisory ID: N/A Bugtraq ID: 2935 CVE CAN: None currently assigned. Title: Solaris whodo Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerability Description: The whodo...
NERF Advisory #4: MS IIS local and remote DoS
--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Opening and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...
RH 7.0 Crontab exploit - apparently fixed
/ Crontab tmp file race condition http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=37771 Apparently this is fixed. Wonder why it still works. Local exploit Quick and dirty exploit for crontab insecure tmp files Redhat 7.0 - kept up2date with up2date Checked Tue Jun 26 00:15:32 NZST 2001...
Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Vulnerability in Solaris /opt/SUNWssp/bin/cb_reset Date Published: June 12, 2001 Advisory ID: N/A Bugtraq ID: N/A CVE CAN: None currently assigned. Title: Solaris /opt/SUNWssp/bin/cb_reset Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes...
KDE KTVision 0.1 - File Overwrite
KDE KTVision 0.1 - File Overwrite source: https://www.securityfocus.com/bid/2913/info KTVision works with frame-grabber cards and KDE Unix K Desktop Environment to support TV video display on the PC screen. KTVision is vulnerable to symbolic link attacks. It is possible for an attacker to...
Rxvt 2.6.1/2.6.2 - Local Buffer Overflow
source: https://www.securityfocus.com/bid/2878/info Rxvt is a color VT102 terminal emulator for X intended as an xterm(1) replacement. A buffer overflow vulnerability exists in rxvt. The error occurs when certain command line options with long arguments are passed to rxvt. Because rxvt is installed...
Juergen Schoenwaelder scotty 2.1.x - ntping Buffer Overflow
// source: https://www.securityfocus.com/bid/2911/info ntping is a component of scotty, a Tcl interpreter used to retrieve status and configuration information for TCP/IP networks. The utility, which runs with root privileges, contains a locally exploitable buffer overflow vulnerability. A local...
lil' exim format bug
Hi BugTrackers Just a little bug to tell: THE BUG ------- accept.c, line 2506: else if smtpreply != NULL moansmtpbatchNULL, smtpreply; while moansmtpbatch is like this: moansmtpbatchchar cmdbuffer, char format, ... So when smtpreply contains format strings, it gets transformed by moansmtpbatch. Wh...
Exim 3.x - Format String
Exim 3.x - Format String source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax checking...
[synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Vulnerability in Solaris mailtool(1) Date Published: May 29, 2001 Advisory ID: N/A Bugtraq ID: N/A Sun Bug ID: 4458476 CVE CAN: None currently assigned. Title: Solaris mailtool(1) Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerable...
CVE-2001-0426
CVE-2001-0426 describes a buffer overflow in the dtsession component affecting Solaris (and possibly other OSes) that lets local users gain privileges when a long LANG environment variable is processed. The vulnerability is triggered by excessively long LANG values, leading to privilege escalatio...
[SECURITY] [DSA-056-1] man-db local exploit
Package : man-db Problem type : local file overwrite Debian-specific: no Ethan Benson found a bug in man-db packages as distributed in Debian/GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or - -c option were give...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit
Exploit for irix platform in category local exploits ======================================================================= IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 /usr/lib/print/netprint Local Exploit ======================================================================= !/bin/sh copyright LAST STAGE ...
CVE-2000-1119
CVE-2000-1119: A buffer overflow in the IBM AIX setsenv command (affected: AIX 4.3.x and earlier) can allow a local attacker to execute arbitrary commands with root privileges. The root cause is vulnerable parameter handling in the setsenv utility; an exploit has been publicly available and re...
CVE-2001-0316
CVE-2001-0316 affects Linux kernels 2.2 and 2.4 where sysctl can be invoked with a negative length, allowing unprivileged local users to read kernel memory and potentially obtain root privileges. Mitigation in the public records points to upgrading to kernel 2.2.19 or later (and vendor advisories...