Debian DSA-044-1 : mailx

The mail program a simple tool to read and send email as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group. Since the mail code was never written to ...

Debian DSA-316-1 : nethack - buffer overflow, incorrect permissions

The nethack and slashem packages are vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where nethack is installed. Additionally, some setgid binaries in the nethack package have incorrect...

RsyncX vulnerabilities

Product: RsyncX is a frontend for rsync running on OS X, with additional features such as crontab editing. http://www.macosxlabs.org/rsyncx/rsyncx.html Problems: 1 RsyncX is installed setuid root and setgid wheel. Upon execution, the program drops root privileges only via seteuidgetuid . However ...

MacOSXLabs RsyncX 2.1 - Local Privilege Escalation

MacOSXLabs RsyncX 2.1 - Local Privilege Escalation source: https://www.securityfocus.com/bid/11211/info It is reported that RsyncX is prone to a local privilege escalation vulnerability. RsyncX is installed setuid root and setgid wheel. It is reported that RsyncX drops root privileges properly bu...

Mandrake Linux Security Advisory : gnupg (MDKSA-2001:053-1)

A format string vulnerability exists in gnupg 1.0.5 and previous versions which is fixed in 1.0.6. This vulnerability can be used to invoke shell commands with privileges of the currently logged-in user. Update : The /usr/bin/gpg executable was installed setuid root and setgid root. While being...

DSA-484 xonix - failure to drop privileges

Bulletin has no description...

Samba 2.2.8 (Linux Kernel 2.6 Debian Mandrake) - Share Privilege Escalation

Samba 2.2.8 Linux Kernel 2.6 Debian Mandrake - Share Privilege Escalation source: https://www.securityfocus.com/bid/9619/info A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel. The issue appears to exist due to a lack of sufficient sanity checks performed...

CVE-2003-0937

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID PID by obtaining a procfs file descriptor for the file and calling execve on a setuid or setgid program, which leaves the descriptor open to the user...

PT-2003-1958 · Sco · Open Unix +1

Name of the Vulnerable Software and Affected Versions: SCO UnixWare versions 7.1.1, 7.1.3 Open UNIX version 8.0.0 Description: The issue allows local users to bypass protections for the address space file for a process ID by obtaining a procfs file descriptor for the file and calling execve on a...

BSD-Games 2.x - Monop Player Name Local Buffer Overrun (1)

BSD-Games 2.x - Monop Player Name Local Buffer Overrun 1 // source: https://www.securityfocus.com/bid/8501/info Monop included in bsd-games is prone to a locally exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of player names. Monop is typically installed...

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software...

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow (2)

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in...

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software...

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow (1)

Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

DEBIAN-CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

CVE-2003-0359

CVE-2003-0359 affects nethack 3.4.0 and earlier, where certain setgid binaries have insecure permissions. This enables a local user to gain privileges by replacing the original binaries with malicious code. The description and related advisories in the connected data confirm the root cause is imp...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...

CVE-2003-0359

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code...