CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVE-2004-1070

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod...

CVE-2004-1149

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions ACLs, which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe...

CVE-2004-1329

The CVE describes an untrusted execution path vulnerability in IBM AIX 5.1–5.3: the diag commands (lsmcode, diag_exec, invscout, invscoutd) can be coerced into running arbitrary code when the DIAGNOSTICS environment variable is modified to reference a malicious Dctrl program. Affected components/...

[ GLSA 200501-06 ] tiff: New overflows in image decoding

Gentoo Linux Security Advisory GLSA 200501-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

DEBIAN-CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

CVE-2004-0850

Star before 1.5alpha46 does not drop the effective user ID euid before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program...

CVE-2004-0873

Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program...

CVE-2004-1028

CVE-2004-1028 describes a local privilege-escalation in IBM AIX chcod. The setuid root chcod on AIX 5.1.0/5.2.0/5.3.0 trusts PATH and invokes an external program named “grep.” If a local attacker can place a malicious grep in a directory in PATH and run chcod, arbitrary code could be executed wit...

CVE-2004-1070

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

CVE-2004-1117

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs...

CVE-2004-1021

iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms...

[Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability

Gentoo Linux Security Advisory GLSA 200411-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Mandrake Linux Security Advisory : perl-Archive-Zip (MDKSA-2004:118)

Recently, it was noticed that several antivirus programs miss viruses that are contained in ZIP archives with manipulated directory data. The global archive directory of these ZIP file have been manipulated to indicate zero file sizes. Archive::Zip produces files of zero length when decompressing...

GLSA-200410-08 : ncompress: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200410-08 ncompress: Buffer overflow compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. Impact : By supplying a carefully crafted...

Debian DSA-342-1 : mozart - unsafe mailcap configuration

mozart, a development platform based on the Oz language, includes MIME configuration data which specifies that Oz applications should be passed to the Oz interpreter for execution. This means that file managers, web browsers, and other programs which honor the mailcap file could automatically...

Debian DSA-463-1 : samba - privilege escalation

Samba, a LanManager-like file and printer server for Unix, was found to contain a vulnerability whereby a local user could use the 'smbmnt' utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could...

Debian DSA-039-1 : glibc

The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems : - It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create and overwrite files which a user should not be...