CVE-2000-0824

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...

CVE-2000-0959

glibc2 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack...

ncurses buffer overflows

OVERVIEW The CRT screen handling library ncurses contains buffer overflows, making programs using it vulnerable. If the programs are setuid or setgid, a local user may elevate their privilege. The problem exists in ncurses versions 4.2 and 5.0, probably earlier, and libocurses. The overflows can ...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)

KDE 1.1.2 KApplication configfile - Local Privilege Escalation 2 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...

freebsd libncurses overflow

b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y 3 Advisory Name: libncurses buffer overflow Date: 24/4/00 Application: NCURSES 1.8.6 / FreeBSD 3.4-STABLE Vendor: FreeBSD Inc. WWW: www.freebsd.org Severity: setuid programs linked with libncurses can be exploited to obtain root access...

RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent() Local Buffer Overflow (2)

RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/588/info A buffer overflow existed in libtermcap's tgetent function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file...

mother2.sh

!/bin/sh mother2.sh by; syg @ EFnet AKA the bitch who doesnt care to take credit for such a worthless script that doesnt do anything hard, I just wanted to say those other two bitches are dumb as fuck for even sending this to the public and actually making a huge prop header as if it was some sor...

[SECURITY] New versions of ncurses fixes security problem

We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were releas...

[SECURITY] New versions of ncurses fixes security problem

We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- Th...

Linux libc 5.3.12 (RedHat Linux 4.0 / Slackware Linux 3.1) - libc NLSPATH

// source: https://www.securityfocus.com/bid/379/info There is a serious vulnerability in linux libc affecting all Linux distributions using libc 5.2.18 and below. The vulnerability is centered around the NLSPATH environment variable. Through exporting the oversized and shell-code including buffe...

BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)

/ source: https://www.securityfocus.com/bid/237/info The libXt library is part of the X Windows system. There are several buffer overflow conditions that may allow an unauthorized user to gain root privileges through setuid and setgid programs that are linked to libXt. These problems were openly...

IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation

source: https://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives egid=mail. Apr. 1994 Setup needed...

CVE-1999-1142

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD" environmental variables to certain dynamically linked setuid or setgid programs such as 1 login, 2 su, or 3 sendmail, that change the real and effective user ids to the same user...

SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS

source: https://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller's LD environmental variables if th...

CVE-1999-1123

The installation of Sun Source sunsrc tapes allows local users to gain root privileges via setuid root programs 1 makeinstall or 2 winstall...