
739 matches found

securityvulns
added 2002/02/12 12:0 a.m. (26 views)

Unixware Message catalog exploit code

Hi, I'm jGgM. I reported this problem to Caldera a few weeks ago, and this exploit is fixed already. A hacker can modify the message catalog, and it can make a format string exploit possible. For example: $ gcc -o expshell expshell.c $ gcc -o getret getret.c $ gcc -o fmtexp fmtexp.c $ ./expshell $ ./getret...

7.2 AI score
Exploits: 0
exploitpack
added 2002/01/13 12:0 a.m. (14 views)

IMLib2 - Home Environment Variable Buffer Overflow

IMLib2 - Home Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating...

1.2 AI score
Exploits: 0
Cvelist
added 2001/09/12 4:0 a.m. (13 views)

CVE-1999-1428

Solaris Solstice AdminSuite AdminSuite 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges...

6.6 AI score | 0.0004 EPSS
Exploits: 0 | References: 2
Cvelist
added 2001/09/12 4:0 a.m. (18 views)

CVE-1999-1079

Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program...

6.4 AI score | 0.00068 EPSS
Exploits: 0 | References: 4
securityvulns
added 2001/08/22 12:0 a.m. (44 views)

Security Advisory FreeBSD-SA-01:55.procfs

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:55 Security Advisory FreeBSD, Inc. Topic: procfs vulnerability leaks setugid process memory Category: core Module: procfs Announced: 2001-08-21 Credits: Joost Pol...

7.7 AI score
Exploits: 0
exploitpack
added 2001/06/27 12:0 a.m. (17 views)

Solaris 8 libsldap - Local Buffer Overflow (2)

Solaris 8 libsldap - Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...

0.4 AI score
Exploits: 0
Exploit DB
added 2001/06/27 12:0 a.m. (21 views)

Solaris 8 libsldap - Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...

7.4 AI score
Exploits: 0
CVE
added 2001/05/07 4:0 a.m. (84 views)

CVE-2001-0170

Technical specifics (affected product versions, root cause, mitigations, or exploit details) are not publicly provided in the supplied documents; monitor for updates.

2.1 CVSS | 6.8 AI score | 0.00639 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
securityvulns
added 2001/05/04 12:0 a.m. (30 views)

minicom exploit

This advisory was posted Wed Apr 11 08:06:49 2001 to bugzilla.redhat.com/bugzilla and became inaccessible not long after. I went to add more information, a couple of days after and had been locked out, so I tried emailing the QAContact this information on Tue Apr 24, but received no reply. Now...

7.4 AI score
Exploits: 0
Exploit DB
added 2001/03/27 12:0 a.m. (32 views)

Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)

/ EDB Note: Updated exploit can be found here: https://www.exploit-db.com/exploits/20721/ source: https://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a...

7.4 AI score
Exploits: 0
Debian
added 2001/03/13 10:5 p.m. (12 views)

[SECURITY] [DSA-044-1] mailx local exploit

Package: mailx
Problem type: buffer overflow
Debian-specific: no

The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to...

6.1 AI score
Exploits: 0
Exploit DB
added 2001/03/03 12:0 a.m. (35 views)

Slackware 7.1 - '/usr/bin/mail' Local Privilege Escalation

/ Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .... / include include define GID "\x03" int mainint argc,...

7.4 AI score
Exploits: 0
exploitpack
added 2001/03/03 12:0 a.m. (16 views)

Slackware 7.1 - usrbinmail Local Privilege Escalation

Slackware 7.1 - usrbinmail Local Privilege Escalation / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .......

1.4 AI score
Exploits: 0
CVE
added 2001/02/02 5:0 a.m. (45 views)

CVE-2001-0084

The CVE-2001-0084 issue affects the GTK+ library, where the GTK_MODULES environment variable lets local users specify arbitrary modules. If GTK+ is used by a setuid/setgid program, this can let local users gain privileges. Reports from PT-2001-1319 describe GTK+ (affected versions not specified) ...

7.2 CVSS | 7 AI score | 0.00244 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2001/02/02 5:0 a.m. (24 views)

CVE-2001-0084

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program...

6.7 AI score | 0.00244 EPSS
Exploits: 1 | References: 4
securityvulns
added 2000/12/02 12:0 a.m. (81 views)

Fixed local AIX V43 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Just for the record, here are some local AIX vulnerabilities we have found, and which have been fixed by IBM this year. If you have been applying fixes, there should be no problem with these anymore. But it might be interesting to know what some of those massive...

0.8 AI score
Exploits: 0
securityvulns
added 2000/11/28 12:0 a.m. (30 views)

BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)

Well, I don't know if rcvtty is supposed to be setgid in general, since I've never seen it setgid on anything but BSDi 3.0 and 4.0. But nonetheless, here is an exploit I wrote for it: original ver: http://realhalo.org/xrcvtty.c xrcvtty.c (modified from original): ---------------------------------- /...

0.1 AI score
Exploits: 0
exploitpack
added 2000/11/21 12:0 a.m. (12 views)

BSDi 3.04.0 - rcvtty[mh] Local Privilege Escalation

BSDi 3.04.0 - rcvttymh Local Privilege Escalation / BSDi3.0/4.0rcvttymh local exploit, by [email protected]. this exploit is for the rcvtty of the mh package, which is setgid=4tty on BSDi. this exploit gives you egid/group=4tty access. example: -------------------------------------------------...

0.3 AI score
Exploits: 0
0day.today
added 2000/11/21 12:0 a.m. (30 views)

BSDi 3.0 / 4.0 rcvtty[mh] Local Exploit

Exploit for bsd platform in category local exploits ======================================= BSDi 3.0 / 4.0 rcvttymh Local Exploit ======================================= / BSDi3.0/4.0rcvttymh local exploit, by v9email protected. this exploit is for the rcvtty of the mh package, which is setgid=4t...

6.8 AI score
Exploits: 0
Exploit DB
added 2000/11/21 12:0 a.m. (269 views)

BSDi 3.0/4.0 - 'rcvtty[mh]' Local Privilege Escalation

/ BSDi3.0/4.0rcvttymh local exploit, by [email protected]. this exploit is for the rcvtty of the mh package, which is setgid=4tty on BSDi. this exploit gives you egid/group=4tty access. example: ------------------------------------------------- bash-2.02$ id uid=101v9 gid=100user groups=100user...

7.4 AI score
Exploits: 0