cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/2914/info cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team. A buffer overflow in cfingerd makes it possible for a local user to gain elevated...

tcpdump vulnerable to buffer overflow via parsing of AFS ACL packets

Overview Tcpdump version 3.5 contains a buffer overflow vulnerability permitting unauthorized remote root access. Description Tcpdump version 3.5 added support for handling AFS packets. Unfortunately the code responsible for printing AFS access control lists contains an unchecked buffer that can ...

CVE-2001-0403

/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI...

IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage

// source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. At the command line, 'netprint' accepts an option to specify the network type -n. This...

Aptis Software TotalBill 3.0 - Remote Command Execution

Aptis Software TotalBill 3.0 - Remote Command Execution // source: https://www.securityfocus.com/bid/1555/info Aptis Software offers a billing / provisioning solution for ISPs called TotalBill. One component of the TotalBill package is a network service called Sysgen that listens on or around por...

Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/1220/info Several buffer overflow vulnerabilities exist in Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code. These include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 and, most...

Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path (2)

// source: https://www.securityfocus.com/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on RedHat 6.0 and 6.1 systems. Both userhelper and PAM follow ".." paths and userhelper allows you to specifiy a program to execute as ...

CVE-1999-0082

CWD root command in ftpd allows root access...

CVE-1999-0277

The WorkMan program can be used to overwrite any file to get root access...

ftpwatch.txt

Date: Sun, 17 Jan 1999 11:48:22 -0400 From: Jamie Fifield Reply-To: [email protected] To: [email protected] Subject: SECURITY ftpwatch package has major security problems -----BEGIN PGP SIGNED MESSAGE----- We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and lat...

[SECURITY] ftpwatch package has major security problems

We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access. We recommend that you remove the ftpwatch package immediately. We will be working on a new version of ftpwatch to...

HP-UX 10.x/11.x - Aserver PATH

source: https://www.securityfocus.com/bid/1929/info Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. During normal execution, Aserv...

[SECURITY] Current versions of lpr fixes security problem

We have received reports that buffer overflows in lprm may allow users to gain root access to the local system. We recommend that you use the binaries from hamm or any newer release. dpkg -i file.deb will install the referred file. Debian GNU/Linux 2.0 alias hamm Source archives:...

BSDOS 2.1 DGUX 7.0 Debian 1.3 HP-UX 10.34 IBM AIX 4.2 SGI IRIX 6.4 Solaris 2.5.1 - xlock Local Overflow Local Privilege Escalation (1)

BSDOS 2.1 DGUX 7.0 Debian 1.3 HP-UX 10.34 IBM AIX 4.2 SGI IRIX 6.4 Solaris 2.5.1 - xlock Local Overflow Local Privilege Escalation 1 / source: https://www.securityfocus.com/bid/224/info The xlock program is used to lock the local X display until the user supplies the correct password. A buffer...