4065 matches found
CVE-1999-0339
The CVE-1999-0339 issue affects Solaris’ libauth, where a buffer overflow in the library permits local users to gain additional privileges, potentially root access. Affected component: libauth on Solaris; vulnerability type: buffer overflow leading to local privilege escalation. Impact as describ...
CVE-1999-0413
CVE-1999-0413 describes a buffer overflow in the SGI X server that enables a local user to gain root privileges via the X server font path. The Red Hat and CVE records corroborate the same core issue: a local-exploit path that could lead to full compromise on affected systems running SGI X server...
libtermcap_exploit.txt
Subject: local libtermcap exploit To: [email protected] Well, I wrote this a little while back. This is a serious bug, so people should be able to test their systems properly. All admins should definitely upgrade to the newest libtermcap. - sk8 of LS / Local exploit for suid root programs...
glibc_exploit.txt
Subject: Linux glibc 2.1.x / wu-ftpd =2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x To: [email protected] First of all, something less or more personal - sorry to all [email protected] people for this post. I'm really angry, as this stuff become well-known without my knowledge... so, only a...
SCO Open Server 5.0.5 - X Library Buffer Overflow (1)
SCO Open Server 5.0.5 - X Library Buffer Overflow 1 // source: https://www.securityfocus.com/bid/638/info A buffer overflow vulnerability in the shared X library may allow local users to obtain higher privileges. Any setuid applications linked against the library are possibly vulnerable. The...
RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent() Local Buffer Overflow (2)
RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/588/info A buffer overflow existed in libtermcap's tgetent function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file...
IBM AIX 4.3.1 - adb Denial of Service
IBM AIX 4.3.1 - adb Denial of Service source: https://www.securityfocus.com/bid/520/info adb is the debugger that ships with IBM's AIX operating system. It is possible for a local user to cause a local denial of service through exploiting the version of adb shipped with AIX 4.2 through 4.3.1. The...
SCO Open Server 5.0.5 - XBase Buffer Overflow
// source: https://www.securityfocus.com/bid/479/info The XBase package that ships with SCO OpenServer 5.0. is vulnerable to several buffer overflow attacks in many different XBase tools. The tools that are installed setuid root allow local users to gain superuser privileges. This is because they...
RedHat Linux 5.1 - xosview
RedHat Linux 5.1 - xosview // source: https://www.securityfocus.com/bid/362/info xosview is an X11 system monitoring application that ships with RedHat 5.1 installed setuid root. A buffer overflow vulnerability was found in Xrm.cc, the offending code listed below: char userrfilename[1024];...
IBM AIX 4.2.1 Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (5)
IBM AIX 4.2.1 Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow 5 / source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked against libc to obtain root privileges...
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (1)
source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked against libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's...
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (4)
// source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked against libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's...
Sun Solaris 7.0 - ff.core Local Privilege Escalation
Sun Solaris 7.0 - ff.core Local Privilege Escalation source: https://www.securityfocus.com/bid/327/info There is a vulnerability in Solaris's ff.core utility which allows normal users to execute the rename command as root. This particular bug when leveraged against a series of other configuration...
Solaris 7.0 - ufsdump Local Buffer Overflow (2)
Solaris 7.0 - ufsdump Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/680/info A buffer overflow vulnerability in the /usr/lib/fs/ufs/ufsdump setuid program allows local users to obtain root and tty group access. The vulnerability is the result of 'ufsdump' not being able to...
SGI IRIX - LsD Multiple Local Buffer Overflows
SGI IRIX - LsD Multiple Local Buffer Overflows / copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include include include define BUFSIZE 2068 define OFFS 800 define ADDRS 3 define ALIGN 0 define ALIGN2 4 char...
Solaris 2.4 - binfdformat Local Buffer Overflow
Solaris 2.4 - binfdformat Local Buffer Overflow --------------------------- lion24.c --------------------------------- / Solaris 2.4 / include include include include define BUFLENGTH 264 define EXTRA 36 define STACKOFFSET -56 define SPARCNOP 0xa61cc013 uchar sparcshellcode =...
Solaris 2.4 /bin/fdformat Local Buffer Overflow Exploits
Exploit for solaris platform in category local exploits ======================================================== Solaris 2.4 /bin/fdformat Local Buffer Overflow Exploits ======================================================== --------------------------- lion24.c ---------------------------------...
CVE-1999-1026
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file...
SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Local Privilege Escalation
source: https://www.securityfocus.com/bid/72/info Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to overwrite root-owned files allowing root...
RedHat Linux 2.1 - abuse.console Local Privilege Escalation
RedHat Linux 2.1 - abuse.console Local Privilege Escalation source: https://www.securityfocus.com/bid/354/info Abuse is a game that is included with RedHat Linux 2.1 in the games package. The console version, abuse.console, is suid-root and will load the program sndrv as root without checking for...