1907 matches found
CVE-2007-2452
Heap-based buffer overflow in the visitoldformat function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...
[SECURITY] [DSA 1291-1] New samba packages fix multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1291-1 [email protected] http://www.debian.org/security/ Noah Meyerhans May 15, 2007 - ------------------------------------------------------------------------ Package : samba Vulnerability :...
CVE-2007-2444
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user...
Local SID/Name translation bug can result
Description When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol...
GLSA-200703-20 : LSAT: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200703-20 LSAT: Insecure temporary file creation LSAT insecurely writes in /tmp with a predictable filename. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewher...
LSAT: Insecure temporary file creation
Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...
Zend Platform不安全文件访问权限漏洞
Zend Platform是企业级PHP应用的运行时平台环境。 Zend Platform的文件安装存在权限配置错误,本地攻击者可能利用此漏洞获取权限提升。 Zend Platform所安装的一些二进制程序和SHELL脚本没有设置安全的文件访问权限,导致Web服务器用户或安装Zend Platform的用户帐号错误地拥有了某些文件。如果入侵了Web服务器或安装Zend Platform的用户帐号的话,攻击者就可以通过替换或编辑文件获得权限提升,在下一次服务器重启时以root用户权限执行文件。 Zend Platform = 2.2.3 ----...
MDKA-2007:005 : nmap
The version of nmap shipped with Mandriva Linux 2007 was built against the system copies of the libpcap and libdnet libraries. However, nmap actually requires changes to be made to these libraries which have not yet been made to the upstream versions, and consequently should be compiled against i...
GLSA-200702-02 : ProFTPD: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-200702-02 ProFTPD: Local privilege escalation A flaw exists in the modctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Impact : An FTP server administrator permitted to...
linux/x86 add root user r00t with no password to /etc/passwd 69 bytes
No description provided by source. / By Kris Katterjohn 11/14/2006 69 byte shellcode to add root user 'r00t' with no password to /etc/passwd for Linux/x86 section .text global start start: ; open"/etc//passwd", OWRONLY | OAPPEND push byte 5 pop eax xor ecx, ecx push ecx push 0x64777373 push...
The reproduction of social engineering-vulnerability warning-the black bar safety net
Article author: withered Ling roseN. C. P. H Information source: evil octal information security teamwww.eviloctal.com to This is my osmosis in the process of a real experience,I would have thought after two days of time to get to the master server,the Master Station program on the Master Station...
Chetcpasswd本地权限提升漏洞
Chetcpasswd是一个允许用户通过Web更改自己Squid及Web访问口令的工具。 Chetcpasswd在处理参数时存在漏洞,本地攻击者可能利用此漏洞提升自己权限。 如果配置为使用postchange和alertemail的话,或在更改口令后将新的passwd文件拷贝到旧的passwd文件,chetcpasswd就可能不安全地执行外部程序,允许本地攻击者获得root用户权限。但要利用这个漏洞要求攻击者在服务器上拥有有效的shell帐号且知道允许使用chetcpasswd的IP地址。 CHETCPASSWD CHETCPASSWD 2.4.1...
GNU Radius: Format string vulnerability
Background GNU Radius is a GNU version of Radius, a server for remote user authentication and accounting. Description A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the "postgresql", "mysql" or...
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability
Sun Microsystems Solaris ld.so Directory Traversal Vulnerability iDefense Security Advisory 12.12.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 12, 2006 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at...
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability
Sun Microsystems Solaris ld.so 'doprf' Buffer Overflow Vulnerability iDefense Security Advisory 12.12.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 12, 2006 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at...
GLSA-200612-12 : F-PROT Antivirus: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200612-12 F-PROT Antivirus: Multiple vulnerabilities F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Impact : Among other weaker impacts, a remote attacke...
linux/x86 - add root user r00t with no password to /etc/passwd 69 bytes
linux/x86 add root user r00t with no password to /etc/passwd 69 bytes. Shellcode exploit for linx86 platform / By Kris Katterjohn 11/14/2006 69 byte shellcode to add root user 'r00t' with no password to /etc/passwd for Linux/x86 section .text global start start: ; open"/etc//passwd", OWRONLY |...
IBM AIX cfgmgr工具本地权限提升及任意文件覆盖漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的cfgmgr工具的实现上存在缓冲区漏洞,本地攻击者可能利用此漏洞提升权限或导致文件覆盖。 如果system组的用户提交了大于长度2K的目录路径字符串做为参数的话,就会触发这个漏洞,导致覆盖任意系统文件或以root用户权限执行任意指令。 IBM AIX 5.3 IBM AIX 5.2 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://aix.software.ibm.com/aix/efixes/security/cfgmgrifix.tar.Z...
IBM AIX rdist工具本地任意文件覆盖漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的/usr/bin/rdist工具实现上存在漏洞,本地攻击者可能利用此漏洞覆盖任意文件并以root用户权限执行任意指令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: 删除setuid root位: chmod 555 /usr/bin/rdist 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://aix.software.ibm.com/aix/efixes/security/rdistifix.tar.Z...
wireshark security update
CentOS Errata and Security Advisory CESA-2006:0658 New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program...