[SECURITY] [DSA-032-2] proftp runs as root, /var symlink removal

Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system which caused it to not work on a Debian GNU/Linux 2.2...

/usr/sbin/audlinks has the following behavior: $ id uid=100optyx gid=1other $ mkdir -p /tmp/b/dev $ ln -s /.rhosts /tmp/b/dev/.devfsadmdev.lock $ su root Password: /usr/sbin/audlinks -r /tmp/b ls -l /.rhosts -rw-r--r-- 1 root other 4 Dec 28 14:28 /.rhosts truss output snippet:...

Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/249/info The dtprintinfo is a setuid commands open the CDE Print Manager window. A stack based buffer overflow in the handling of the "-p" option allow the execution of arbitrary code as root. This vulnerablity has been assigned Sun Bug 4139394. The...

Slackware Linux 3.4 - netconfig Temporary File

Slackware Linux 3.4 - netconfig Temporary File source: https://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober...