4067 matches found
CVE-2000-1119
CVE-2000-1119: A buffer overflow in the IBM AIX setsenv command (affected: AIX 4.3.x and earlier) can allow a local attacker to execute arbitrary commands with root privileges. The root cause is vulnerable parameter handling in the setsenv utility; an exploit has been publicly available and re...
CVE-2001-0316
CVE-2001-0316 affects Linux kernels 2.2 and 2.4 where sysctl can be invoked with a negative length, allowing unprivileged local users to read kernel memory and potentially obtain root privileges. Mitigation in the public records points to upgrading to kernel 2.2.19 or later (and vendor advisories...
CVE-2001-0033
CVE-2001-0033 affects KTH Kerberos IV. Local users can alter a Kerberos server’s configuration by supplying an alternate directory via the KRBCONFDIR environment variable, enabling escalation of privileges. The description identifies the root cause as the ability to specify a custom configurati...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/bin/lpstat Local Exploit
Exploit for irix platform in category local exploits. #!/bin/sh copyright LAST STAGE OF DELIRIUM jul 2000...
Vixie Cron crontab 3.0 - Privilege Lowering Failure (1)
source: https://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. When a parsing error occurs after a modification operation, crontab will fail to drop privileges correctly for subsequent...
[SECURITY] [DSA 050-1] New version sendfile fix local root exploit
Debian Security Advisory DSA 050-1 [email protected] http://www.debian.org/security/ Martin Schulze April 20, 2001. Package : sendfile...
Samba 2.0.x - Insecure TMP File Symbolic Link
source: https://www.securityfocus.com/bid/2617/info Samba is a flexible file sharing package maintained by the Samba development group. It provides interoperability between UNIX and Microsoft Windows systems, permitting the sharing of files and...
SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Local Buffer Overflow
source: https://www.securityfocus.com/bid/2603/info The CDE Session Manager 'dtsession' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in dtsession's LANG environment variable parser. If an overly long LANG variable is set and dtsession is...
CVE-2001-0315
CVE-2001-0315 affects mIRC 5.7. The vulnerability arises from the locking feature, where local users can bypass the password mechanism by modifying the LockOptions registry key. Exploitation requires local access; the CVSS base score is 7.5 (HIGH) with partial impacts to confidentiality, integrit...
SCO OpenServer 5.0.6 - lpadmin Buffer Overflow
source: https://www.securityfocus.com/bid/2553/info SCO OpenServer 5.0.6 and possibly earlier versions ships with several suid 'bin' executables used in printer administration and related tasks. This includes lpadmin, a component used to manage and configure print destinations, devices and printe...
SCO Open Server 5.0.6 - recon Buffer Overflow
source: https://www.securityfocus.com/bid/2560/info SCO OpenServer 5.0.6 and possibly earlier versions ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive...
Solaris 2.5/2.6/7.0/8 tip - Local Buffer Overflow
source: https://www.securityfocus.com/bid/2475/info tip is a utility included with Sun Microsystems Solaris Operating Environment. tip allows a user to establish a full duplex terminal connection with a remote host. A problem with tip could lead to a buffer overflow. Due to the improper handli...
[SECURITY] [DSA-041-1] joe local attack via joerc
Package : joe Problem type : local exploit Debian-specific: no Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor). joe will look for a configuration file in three locations: the current directory, the user's home directory ($HOME) and in /etc/joe. Since the configuration file c...
FreeBSD 3.5.14.2 - Ports Package xklock Local Privilege Escalation
xklock - FreeBSD 3.5.1 & 4.2 ports package local root exploit. The X key lock program contains several exploitable buffer overflows in command line arguments as well as the 'JNAME' environment variable. xklock is installed setuid...
Slackware 7.1 /usr/bin/mail Local Exploit
Exploit for linux platform in category local exploits. Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for...
Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit
Exploit for tru64 platform in category local exploits. Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site:...
CVE-2001-0112
The CVE-2001-0112 entry concerns the splitvt utility: multiple buffer overflows in splitvt prior to 1.6.5 allow local users to execute arbitrary commands. Public details in the connected documents confirm affected software (splitvt) and the vulnerable version range (before 1.6.5), with Debian and...
[SECURITY] [DSA 028-1] New man-db packages released
Debian Security Advisory DSA-028-1 [email protected] http://www.debian.org/security/ Martin Schulze February 9, 2001. Package : man-db...
FreeBSD-SA-01:22.dc20ctrl
FreeBSD-SA-01:22 Security Advisory FreeBSD, Inc. Topic: dc20ctrl port contains a locally exploitable buffer overflow yielding gid dialer Category: ports Module: dc20ctrl Announced:...
[CORE SDI ADVISORY] WinVNC server buffer overflow
CORE SDI http://www.core-sdi.com Vulnerability report for server overflow in ATT VNC for Windows Date Published: 2001-01-29 Advisory ID: CORE-2001011502 Bugtraq ID: 2306 CVE CAN: None currently assigned. Title: ATT VNC Windows Server Buffer Overflow Class: Boundary Error Condition Buffer Overflow...