792 matches found
IRIX fsr_xfs vulnerability
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: fsrxfs vulnerability Number: 20020504-01-I Date: May 8, 2002 Reference: CAN-2002-0356 - ----------------------- - --- Issue Specifics --- - ----------------------- It's been reported that there is a problem with the fsrxfs XFS...
[UNIX] Suid Application Execution May Give Local Root
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...
OpenBSD 2.9/3.0 - Default Crontab Root Command Injection
/ source: https://www.securityfocus.com/bid/4495/info OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information. The mail(1) utility is used to send the summaries to the root user. This utility supports escaped characters in...
[SECURITY] [DSA 101-1] New sudo packages fix local root exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 101-1 [email protected] http://www.debian.org/security/ Martin Schulze January 14th, 2002 - -------------------------------------------------------------------------- Package : sudo...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4) source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
Solaris /bin/login Remote Root Exploit (SPARC/x86)
Exploit for linux platform in category remote exploits ================================================== Solaris /bin/login Remote Root Exploit SPARC/x86 ================================================== / 7350963 - /bin/login remote root explot SPARC/x86 TESO CONFIDENTIAL - SOURCE MATERIALS Th...
New Advisory + Exploit
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++GOBBLES+SECURITY+RESEARCH+TEAM+INCORPORATED+++++++++++++++++ ALERT! ALERT! FREEBSD LOCAL ROOT VULNERABILITY! ALERT! ALERT! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ include...
[SECURITY] [DSA-092-1] local root in wmtv
Package : wmtv Problem type : local root exploit Debian-specific: no Nicolas Boullis found a nasty security problem in the wmtv a dockable video4linux tv player for windowmaker package as distributed in Debian GNU/Linux 2.2. wmtv can optionally run a command if you double-click on the tv window...
[SECURITY] [DSA-092-1] local root in wmtv
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-092-1 [email protected] http://www.debian.org/security/ Wichert Akkerman December 6, 2001 -...
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
// source: https://www.securityfocus.com/bid/3572/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root, although some Linux distributions...
[SECURITY] [DSA 086-1] New versions of ssh-nonfree & ssh-socks fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Advisory DSA 086-1 [email protected] http://www.debian.org/security/ Michael Stone November 13, 2001 -...
[SECURITY] [DSA 086-1] New versions of ssh-nonfree & ssh-socks fix buffer overflow
Package: ssh-nonfree, ssh-socks Vulnerability: remote root exploit Debian-specific: no We have received reports that the "SSH CRC-32 compensation attack detector vulnerability" is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH...
gm4 format strings on OSX
This in itself is not an issue due to the lack of a suid bit... however if I remember correctly there were a few linux suid root binaries that were reliant upon m4 in some way or another thus making them vulnerable to a local root exploit. This is on osx 10.1. OSXBOX: elguapo ls -al which m4...
[SECURITY] [DSA 083-1] New procmail packages fix insecure signal handling
-------------------------------------------------------------------------- Debian Security Advisory DSA 083-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : procmail...
[SECURITY] [DSA 082-1] News Xvt packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 082-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : xvt...
OpenUNIX 8 & Unixware possible local root
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another dt series bug... $ uname -a OpenUNIX zen 5 8.0.0 i386 x86at Caldera UNIXSVR5 $ id uid=101fixxxer gid=1other $ ls -al /usr/dt/bin/dtterm - -r-sr-xr-x 1 root bin 60892 Haz 10 05:03 /usr/dt/bin/dtterm $ /usr/dt/bin/dtterm -tn perl -e 'print...
Important: Red Hat Security Advisory: : Updated man package fixing GID security problems.
Updated man packages fixing a local GID man exploit and a potential GID man to root exploit, as well as a problem with the man paths of Red Hat Linux 5.x and 6.x. Users could gain access to the GID man by overrunning a buffer in the ultimatesource function. Users with GID man could get root acces...
Solaris in.lpd Transfer Job Routine Remote Buffer Overflow
The remote lpd daemon seems to be vulnerable to a buffer overflow when sent too many 'Receive data file' commands. An attacker may use this flaw to gain root on this host. (C) Tenable Network Security, Inc. This plugin was realized thanks to the help of the french "eXperts" working group -...
URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Secure Shell Community, A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters. Unauthorized users could potentially log in to...