[SECURITY] [DSA 976-1] New libast packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 976-1 [email protected] http://www.debian.org/security/ Martin Schulze February 15th, 2006 http://www.debian.org/security/faq -...

GLSA-200601-14 : LibAST: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200601-14 LibAST: Privilege escalation Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact : The vulnerability can be exploited to gain escalated privileges if the application...

LibAST: Privilege escalation

Background LibAST is a utility library that was originally intended to accompany Eterm, but may be used by various other applications. Description Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact The vulnerability can be exploited to gain...

Ubuntu 4.10 : emacs21 vulnerability (USN-76-1)

Max Vozeler discovered a format string vulnerability in the 'movemail' utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the 'mail' group sinc...

Mandrake Linux Security Advisory : uim (MDKSA-2005:198)

Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

Code injection

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...

CVE-2006-0071

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...

CVE-2006-0071

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...

CVE-2006-0071

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...

CVE-2006-0071

Pinentry on Gentoo is affected by CVE-2006-0071: the pinentry ebuild before 0.7.2-r2 sets the sgid bit on pinentry binaries, allowing local users to read or overwrite files with gid 0. Affected packages include pinentry, pinentry-curses, pinentry-gtk, and pinentry-gtk. Remediation: upgrade to pin...

SCO OpenServer 5.0.7 - termsh Local Privilege Escalation

SCO OpenServer 5.0.7 - termsh Local Privilege Escalation / SCO Openserver 5.0.7 termsh exploit =================================== 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguements, namely...

CVE-2005-4741

NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid PSUGID process that performs an exec without a reset of real credentials...

CVE-2004-2611

The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 aka 0.9.6-r5, possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the 1 setuid, 2 setgid, and 3 sticky bits when changing a file, which might allow attackers to gain privileges or conduct other...

[SECURITY] [DSA 895-1] New uim packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 895-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 895-1] New uim packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 895-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...

[Full-disclosure] iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability

SCO Openserver authsh 'Home' Buffer Overflow Vulnerability iDEFENSE Security Advisory 10.24.05 http://www.idefense.com/application/poi/display?type=vulnerabilities October 24, 2005 I. BACKGROUND SCO OpenServer is a UNIX-like operating system for x86 platforms. II. DESCRIPTION Local exploitation o...

Uim: Privilege escalation vulnerability

Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...

uim -- privilege escalation vulnerability

The uim developers reports: Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim. This bug appears in 'immodule for Qt' enabled Qt. Normal Qt is also safe. In some distribution,...

urbanGame.txt

Multiple vulnerabilities in FreeBSD 'urban' September 4th, 2005 I. BACKGROUND URBAN is a bloody, violent sidescrolling shoot-em-up in which you're a renegade military cyborg fighting your way out of the military base where you were created. 'urban' is maintained and distributed as a FreeBSD ports...

Frox 0.7.18 - Arbitrary Configuration File Access

Frox 0.7.18 - Arbitrary Configuration File Access source: https://www.securityfocus.com/bid/14711/info Frox is prone to a vulnerability that permits read access to arbitrary files. Successful exploitation of this vulnerability will grant the attacker read access to arbitrary files on the system i...