49 matches found
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...
CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...
CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...
CVE-2005-2748
The CVE-2005-2748 issue affects Apple Mac OS X 10.3.9 and 10.4.2, where the malloc function in libSystem can be manipulated via the MallocLogFile environment variable before running a setuid application. This allows local users to overwrite arbitrary files. Root cause: environment-controlled log ...
iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability
SGI IRIX inpview Design Error Vulnerability iDEFENSE Security Advisory 01.13.05 www.idefense.com/application/poi/display?id=182&type=vulnerabilities January 13, 2005 I. BACKGROUND The inpview program is a setuid root application that is included in the InPerson networked multimedia conferencing...
Important: Red Hat Security Advisory: cyrus-sasl security update
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. Updated 7th October 2004 Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. The cyrus-sasl package contain...
MTools 3.9.x - 'MFormat' Local Privilege Escalation
source: https://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user. A local attacker could...
Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
-----BEGIN PGP SIGNED MESSAGE----- ----------------------------------------------------------------------------- Pine Internet Security Advisory ----------------------------------------------------------------------------- Advisory ID : PINE-CERT-20020401 Authors : Joost Pol [email protected] Issue...