Mandrake Linux Security Advisory : usermode (MDKSA-2003:031-1)

The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that...

eSeSIX Thintune thin client multiple vulnerabilities

eSeSIX Thintune thin client multiple vulnerabilities IT-Consult, 2004-07-24 Background - -------- Thintune is a series of thin client appliances sold by eSeSIX GmbH, Germany. They offer ICA, RDP, X11 and SSH support based on a customized Linux platform. See http://www.thintune.com for details...

CVE-2003-1011

Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell...

consroot.exp

Hi there, here is a fully automated script for getting a root shell using a normal user account and remote-console acces. The Script was written by me based on an article from phrack.com article 53 - hacking forth by mudge ---snip--- --- consroot.exp " puts "\twhere MODE is one of:" puts "\t\tT =...

Samba < 2.2.8a / 3.0.0 Multiple Remote Overflows

The remote Samba server is vulnerable to a buffer overflow when it calls the function trans2open. An attacker may exploit this flaw to gain a root shell on this host. In addition, it is reported that this version of Samba is vulnerable to additional overflows, although Nessus has not checked for...

Mandrake usermode utilities unauthorized access

Any user can halt/reboot system and obtain root shell from console...

Solaris mibiisa MIB Parsing Remote Overflow

The remote host is running mibiisa. There is a buffer overflow in older versions of this software, which may allow an attacker to gain a root shell on this host. Note that Nessus did not actually check for this vulnerability so this might be a false positive. C Tenable Network Security, Inc. XXXX...

logwatch211.sh

--- INTRO --- LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. The collected results are reported to a chosen e-mail address, root by...

macosxsetuidroot.txt

Dump to text file if you find easier. http://www.securemac.com/macosxsetuidroot.php Operating System: Max OS X Version Affected: up to 10.1 Security Risk: High Remote: No Fixed: No About: Mac OS X over the past few months have started to splout security concerns, this being one of the first most...

Exploit for xinetd-2.1.8.9pre11-1

Hi bugtraq. I read the zen-parse's advisory about the 'potential' overflow, as he said, in xinetd-2.1.8.9pre11-1 and I tried to work around it. First of all we have to remember that the bof occurs only if, in the configuration file of the daemon, there is an entry like this: logonsuccess = HOST P...

Solaris snmpXdmid Long Indication Event Overflow (ELVISCICADA)

The remote RPC service 100249 snmpXdmid is vulnerable to a heap overflow which allows any user to obtain a root shell on this host. ELVISCICADA is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers. This script is released...

BIND 8.2.x (TSIG) Remote Root Stack Overflow Exploit (3)

Exploit for linux platform in category remote exploits ======================================================== BIND 8.2.x TSIG Remote Root Stack Overflow Exploit 3 ======================================================== / copyright LAST STAGE OF DELIRIUM feb 2001 poland ://lsd-pl.net/ / / bind...

Sendmail 8.11.x Exploit (i386-Linux)

Exploit for linux platform in category local exploits ==================================== Sendmail 8.11.x Exploit i386-Linux ==================================== / sendmail 8.11.x exploit i386-Linux by email protected email protected This code exploits well-known local-root bug in sendmail 8.11....

kon2

-------------------------------------------------------------------------------------------------------------------------------------------- Info : Package : kon2-0.3.8 Compromise : root Vulnerable Sistems : All linux sistems that have this package installed. Author : E-Ligth Hugo Oliveira Dias -...

MDKSA-2000:028 kon2 update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linux-Mandrake Security Update Advisory Package name: kon2 Date: August 1st, 2000 Advisory ID: MDKSA-2000:028 Affected versions: 7.0, 7.1 Problem Description: There is a vulnerable suid program called fld. This program accepts option input from a text...

Mandrake 7.07.1 RedHat Kon2 0.3.9 - usrbinfld Input File Overflow

Mandrake 7.07.1 RedHat Kon2 0.3.9 - usrbinfld Input File Overflow / source: https://www.securityfocus.com/bid/1371/info KON Kanji On Console is a package for displaying Kanji text under Linux and comes with two suid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable...

Kerberos klogind Remote Overflow

The remote klogind seems to be affected by a buffer overflow vulnerability involving its 'krbrdreq' library function that may also affect other Kerberos-related programs. An attacker may use this to gain a root shell on this host. C Tenable Network Security, Inc. include"compat.inc"; if descripti...

KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable

source: https://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using...

RedHat Linux 6.0 - Single User Mode Authentication

source: https://www.securityfocus.com/bid/1005/info A vulnerability exists in the manner in which RedHat Linux 6.0 protects the obtaining of a shell by booting single user mode. RedHat will prompt for the root password upon entering single user mode. Pressing ^C causing a SIGINT to be sent...