5 matches found
DSA-1709-1 shadow - privilege escalation
Bulletin has no description...
/bin/login gives root to group utmp
There is a group-utmp-to-root privilege escalation vulnerability in /bin/login in Debian, and I expect in all other Linux distros. For details and exploit please see http://bugs.debian.org/505271 Currently am not aware of any group utmp issues that could be leveraged to get root. Cheers, Paul Sza...
[SA17023] GNOME libzvt "gnome-pty-helper" Hostname Spoofing
TITLE: GNOME libzvt "gnome-pty-helper" Hostname Spoofing SECUNIA ADVISORY ID: SA17023 VERIFY ADVISORY: http://secunia.com/advisories/17023/ CRITICAL: Not critical IMPACT: Spoofing WHERE: Local system SOFTWARE: GNOME 2.x http://secunia.com/product/3277/ DESCRIPTION: Paul Szabo has reported a...
Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)
A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for...
ksh.temp-hole.txt
Author: Paul Szabo Recently I reported that, similarly to the recently discussed tcsh vulnerability, the Bourne shell /bin/sh creates temporary files in an insecure way: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.N [email protected] At the time I als...