177 matches found
Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation (2)
Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation (2) #!/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LD_PRELOAD exploit Copyright (c) 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version 4.6.1...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1) source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...
Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit
Exploit for Solaris platform in category local exploits. Solaris 10 libnspr Arbitrary File Creation Local Root Exploit #!/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:...
CVE-2006-4124
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2005-4667
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...
DEBIAN-CVE-2005-4667
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...
CVE-2005-4082
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks...
[EXPL] Iwconfig Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
glibc, nptl, nscd security update
CentOS Errata and Security Advisory CESA-2005:256 Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by...
CVE-2005-0120
helvis 1.8h21 and earlier allows local users to delete arbitrary files via the elvprsv setuid program...
CVE-2005-0119
helvis 1.8h21 and earlier allows local users to recover and read the files of other users via the elvrec setuid program...
CVE-2004-1453
CVE-2004-1453 affects the GNU C Library (glibc). The issue arises when LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK are not restricted for setuid programs, allowing a local attacker to obtain sensitive information (e.g., the program’s symbol list). This is a local information disclosure vulnerabil...
CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...
CVE-2005-0120
CVE-2005-0120 affects helvis