737 matches found
DSA-316 nethack - buffer overflow, incorrect permissions
Bulletin has no description...
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...
Nethack 3 - Local Buffer Overflow (3)
Nethack 3 - Local Buffer Overflow 3 source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resultin...
Solaris 2.x /usr/sbin/wall Advisory
Affected Operating Systems: Solaris 2.x-9 Possibly others derived from AT&T source code. Affected Program: /usr/sbin/wall Synopsis: Wall is a setgid tty program that broadcasts a message to every user currently logged into the system. It can also receive messages from remote hosts, via RPC...
CVE-2002-2092
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid...
CVE-2002-2396
Buffer overflow in Advanced TFTP atftp 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option...
iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
iDEFENSE Security Advisory 09.16.2002 FreeBSD Ports libkvm Security Vulnerabilities DESCRIPTION The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These...
CVE-2002-0740
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d SPOOLDIR argument...
CVE-2002-0820
CVE-2002-0820: FreeBSD kernels 4.6 and earlier close fds 0, 1, and 2 after they are assigned to /dev/null when the descriptors reference procfs/linprocfs. This could allow a local attacker to reuse those file descriptors in a setuid/setgid program to modify critical data and gain privileges. The ...
CVE-2001-1384
CVE-2001-1384 affects the Linux kernel in 2.2.x up to 2.2.19 and 2.4.x up to 2.4.9. The vulnerability is a local privilege escalation: a local user can gain root by ptracing a setuid/setgid process that itself executes an unprivileged program (e.g., newgrp). The provided documents do not specify ...
Linux kernel setgid implementation flaw
Hi, I believe the following to be accurate and of some interest to bugtraq readers, although I did not have time to extensively test it, nor did I warn the vendor, since 1) this is at most an indirect risk - IMHO - and 2) I am going on holidays so I had to balance between disclosing now and letting...
Protection bypass in linux
setgid call doesn't change saved gid...
CVE-2002-0294
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system...
CVE-2002-0294
The CVE-2002-0294 entry concerns Alcatel 4400. The affected component is the /chetc/shutdown command which is installed with setgid privileges. The underlying issue is privilege escalation by assigning setgid to a program used for system shutdown, enabling local users to shut down the system (imp...
CVE-1999-1143
Technical details for CVE-1999-1143 are not provided in the connected documents. The initial description summarizes a privilege escalation in SGI IRIX 6.x rld but no further public details are included here. Monitor for updates.
CVE-1999-1143
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs...
CVE-1999-1142
SunOS 4.1.2 and earlier allows local users to gain privileges via LD_* environment variables affecting dynamically linked setuid/setgid programs (e.g., login, su, sendmail) by causing real and effective UIDs to the same user. This yields a local escalation with complete confidentiality and integr...
Unixware Message catalog exploit code
Hi, I'm jGgM. I reported this problem to Caldera a few weeks ago. And this exploit is fixed already. A hacker can modify the message catalog, and a format string exploit is possible. For example: $ gcc -o expshell expshell.c $ gcc -o getret getret.c $ gcc -o fmtexp fmtexp.c $ ./expshell $ ./getret...
IMLib2 - Home Environment Variable Buffer Overflow
IMLib2 - Home Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating...