175 matches found
CVE-2004-0186
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...
DSA-463 samba - privilege escalation
Bulletin has no description...
CVE-2003-0089
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify...
CVE-2001-1411
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs...
CVE-2001-1411
CVE-2001-1411 describes a format string vulnerability in gm4 (m4) on Mac OS X. The flaw may allow local users to gain privileges if gm4 is executed by setuid programs. The vulnerability is triggered through improper handling of format strings in gm4, leading to potential privilege escalation. The...
CVE-2003-0390
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi...
DEBIAN-CVE-2003-0390
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi...
CVE-2003-0390
CVE-2003-0390 is a vulnerability in the Options Parsing Tool (OPT) shared library ≤ 3.18 used by setuid programs. It describes multiple buffer overflows triggered by long command line options fed into macros such as opt_warn_2 (used in opt_atoi), enabling local arbitrary code execution. The provi...
CVE-2002-0246
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint...
HP-UX 1011 - NLSPATH Environment Variable Format String (1)
HP-UX 1011 - NLSPATH Environment Variable Format String (1) // source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen(3C) and may be executed by other local users. This could result in privilege escalation as an attacker coul...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview: The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description: The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
QNX RTOS 4.25/6.1 - su Password Hash Disclosure
source: https://www.securityfocus.com/bid/4914/info It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. It is very probable that this is a...
CVE-1999-1143
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs...
CVE-1999-1182
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error...
Solaris 8 libsldap - Local Buffer Overflow (2)
Solaris 8 libsldap - Local Buffer Overflow (2) // source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...
Solaris 8 libsldap - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...
CVE-2000-0959
CVE-2000-0959 concerns glibc2/ld.so: the loader does not clear LD_DEBUG_OUTPUT and LD_DEBUG before invoking programs from a setuid context. This can enable a local attacker to exploit a symlink to overwrite arbitrary files. Concrete details exist in CERT/CC reports (Debian advisory) describing th...
CVE-2000-0824
The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...