Vulnerability in IBM access

Hello, I would like to make to Bugtraq knowledge the existence of a security vulnerability in IBM access software. IBM access is vulnerable to a Shared Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the section BaseNamedObjectsQCONDB with invalid rights which allows everyon...

devfs -- ruleset bypass

Problem description Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions. Impact Jailed process...

CVE-2002-2042

ptrace in the QNX realtime operating system RTOS 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes...

CVE-2001-1551

Linux kernel 2.2.19 enables CAPSYSRESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs...

CVE-2001-1514

CVE-2001-1514 affects ColdFusion 4.5 and 5 on Windows when the advanced security sandbox type is set to operating system. The issue is that security context is not properly passed to child processes created with or to those that call CreateProcess and are run via or end with the CFX extension, ...

CVE-2005-1387

Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes...

CVE-2005-0719

Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service process crash for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd...

Solaris ping buffer overflow

No description provided...

CVE-2004-1658

Kerio Personal Firewall 4.0 KPF4 allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable...

Superflous NFS Daemon Detection

Binary data 1083.prm...

rsbac protection bypass

suid files can be created from jailed processes...

Trendmicro Officesscan privilege escalation

During virus detection help is launched from local system...

FreeBSD jailed process routing table protection bypass

Jailed process can manipulate with routing table...

FreeBSD-SA-04:12.jailroute

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:12.jailroute Security Advisory The FreeBSD Project Topic: Jailed processes can manipulate host routing tables Category: core Module: kernel Announced:...

Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow.

Hello. We faced a bug ? in Linux kernel causing different misbehaviours on our server. After exploration, it seems that we found some security implications of this issue. When a process exits, it's parent is notified by SIGCHLD, and finished child is kept in process table in "zombie" state until...

linux threaded processes DoS

SIGRT1 signal can be delivired to application causing invalid handling of child threads termination...

FreeBSD Security Advisory FreeBSD-SA-04:03.jail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:03.jail Security Advisory The FreeBSD Project Topic: Jailed processes can attach to other jails Category: core Module: kernel Announced: 2004-02-25 Credits: JA...

Dell TrueMobile 1300 WLAN System 3.10.39.0 Tray Applet - Local Privilege Escalation

Dell TrueMobile 1300 WLAN System 3.10.39.0 Tray Applet - Local Privilege Escalation source: https://www.securityfocus.com/bid/9714/info It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software...

jailed processes can manipulate host routing tables

A programming error resulting in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process. Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent...

Apache mod_php and mod_perl file decriptor leak

Descriptor leakage allowws to spoof https session in child process...