CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xpfileexist extended stored procedure with a named pipe as an argument instead of a normal file...

Pipe Filename Local Privilege Escalation FAQ

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have received several inquiries regarding the advisory, "Named Pipe Filename Local Privilege Escalation" that was published by @stake on 07/08/2003. These answers should clarify where the vulnerability actually lies so customers can make informed...

Microsoft Windows CreateFile API Named Pipe Privilege Escalation Vulnerability

Description It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Serv...

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (1)

// source: https://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. / tac0tac0.c - pay no attention to the name, long...

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (2)

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation 2 // source: https://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain...

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (2)

// source: https://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. / tac0tac0.c - pay no attention to the name, long...

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (1)

Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation 1 // source: https://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain...

Named Pipe Filename Local Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Named Pipe Filename Local Privilege Escalation Release Date: 07/08/2003 Application: Microsoft SQL Server Platform: Windows NT/2000/XP Severity: Local privilege escalation Author: Andreas...

Security Update: [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames

To: [email protected] [email protected] [email protected] [email protected] SCO Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames Advisory number: CSSA-2003-SCO.3 Issue date: 2003 March...

CVE-2003-0041

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe | character in a filename that is retrieved by the client...

Various FTP clients fail to account for pipe (|) characters in default file names

Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" pipe character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET RETR operation. For example, many FTP clients support syntax...

Sendmail 8.12.x - SMRSH Double Pipe Access Validation

Sendmail 8.12.x - SMRSH Double Pipe Access Validation source: https://www.securityfocus.com/bid/5845/info Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems...

DEBIAN-CVE-2002-0871

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe...

pipe problems in xinetd

Child process can access pipe descriptior used for internal signal handling...

FreeBSD kqueue DoS

Pipe with one end closed causes system panic after applying EVFILTWRITE filter...

CVE-2002-0066

Funk Software Proxy Host 3.x contains multiple issues, primarily: (1) a Windows Named Pipe created by Proxy Host that is accessible with Everyone Full Control, allowing local/remote users to invoke configuration utilities and potentially gain privileges; (2) insecure password storage and recovery...

psyBNC 2.3 - Denial of Service

/ psyBNC include include include include include include include include include define SIZE 9000 define PORT 31337 define USER "pr0ix" int senddos...

CVE-2002-0066

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...

CVE-1999-1127

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service resource exhaustion via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability...

CVE-2001-1519

RunAs runas.exe in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to...