739 matches found
CVE-2002-2396
Buffer overflow in Advanced TFTP atftp 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option...
CVE-2002-2334
CVE-2002-2334 affects Joe text editor versions 2.8–2.9.7. Backup files do not have their group and user setuid bits removed, which could allow local users to execute arbitrary setuid/setgid root programs when root edits scripts owned by other users. The NVD CVSS score is 3.6 (LOW) with local atta...
CVE-2002-2334
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users...
GLSA-200710-18 : util-linux: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-200710-18 (util-linux: Local privilege escalation). Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can...
Mandrake Linux Security Advisory : util-linux (MDKSA-2007:198)
The mount and umount programs in util-linux called the setuid and setgid functions in the wrong order and did not check the return values, which could allow attackers to gain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue.
Linux mount / umount privilege escalation
Invalid order of setuid / setgid calls and unchecked return value...
DEBIAN-CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...
CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1) #!/usr/bin/perl -w $Id: revengeproftpdctrls24.pl, v1.0 2007/02/18 19:24:22 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Old style school sploit against gcc 3.x and linux kernel 2.4 Original Advisory :...
Izik : Reverse Engineering with LD_PRELOAD
July 06, 2005 | Izik: Reverse Engineering with LD_PRELOAD. This paper is about the LD_PRELOAD feature and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow. Compiling Methods...
DEBIAN-CVE-2006-6008
ftpd in Linux Netkit linux-ftpd 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different...
Xcode OpenBase 10.0.0 (OSX) - Unsafe System Call Privilege Escalation
Xcode OpenBase 10.0.0 OSX - Unsafe System Call Privilege Escalation !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a - $b\n"; print "\n"; exit 1; $ret =...
Debian DSA-895-1 : uim - programming error
Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm.
openmovieeditor 0.0.20060901 - name Local Buffer Overflow
openmovieeditor 0.0.20060901 - name Local Buffer Overflow / openmovieeditor buffer overflow exploit by qnix envt/envt -s 2 Shellcode: linux/x86 setuid0,setgid0 execve/bin/sh, /bin/sh, NULL 37 bytes + Setting memory for the shellcode. + Copying shellcode to memory. + Putting shellcode in the...
openmovieeditor 0.0.20060901 - 'name' Local Buffer Overflow
/ openmovieeditor buffer overflow exploit by qnix envt/envt -s 2 Shellcode: linux/x86 setuid0,setgid0 execve/bin/sh, /bin/sh, NULL 37 bytes + Setting memory for the shellcode. + Copying shellcode to memory. + Putting shellcode in the environment. + Going into the environment ENVT and exiting...
Apple Mac OSX 10.4.7 - fetchmail Privilege Escalation
!/bin/sh http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Previously undisclosed local fetchmail issue. This takes setgid=6 http://docs.info.apple.com/article.html?artnum=106704 export PATH=/tmp:$PATH echo /bin/sh -i /tmp/uname chmod +x /tmp/uname /usr/bin/fetchmail -V...
rocksmountdirty.txt
!/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo "Rocks Clusters =4.1 mount-loop local root exploit by [email protected] http://xavsec.blogspot.com" echo...
Super Junior Linux Backdoor method of making-a vulnerability warning-the black bar safety net
A file has an owner, indicating who created the file. The file also has a group number, indicating the group the file belongs to, which is typically the group the file's owner belongs to. If it is an executable file, then when it is executed, generally the file only ha...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes. Linux/x86 setuid(0) + setgid(0) +...