Hiawatha 'setuid' Local Privilege Escalation

According to its server response header, the installed version of Hiawatha is a version prior to 1.0b. A flaw exists in the 'setuid' function that could allow a local attacker to gain elevated privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69036;...

Oracle Linux 5 : acpid (ELSA-2009-1642)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1642 advisory. 1.0.4-9.el54.1 - Resolves: 515062 CVE-2009-4033 acpid: log file created with random permissions Tenable has extracted the preceding description block directly...

Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation

Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a...

Solaris Recommended Patch Cluster 619 (x86) - Local Privilege Escalation

Solaris Recommended Patch Cluster 619 x86 - Local Privilege Escalation Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute...

Solaris Recommended Patch Cluster 6/19 Local root on x86

Exploit for linux/x86 platform in category local exploits If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a case statement checking that the...

Solaris Recommended Patch Cluster 6/19 Local Root

Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a...

CVE-2013-3951

sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...

Path traversal

sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...

[SECURITY] Fedora 18 Update: pmount-0.9.23-4.fc18

pmount "policy mount" is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Be warned that pmount is installed setuid root...

[SECURITY] Fedora 17 Update: pmount-0.9.23-4.fc17

pmount "policy mount" is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Be warned that pmount is installed setuid root...

Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root

!/bin/sh + Glibc /tmp/payload.c /dev/null echo "+ Filling the lib file with lib contents." cat /tmp/exploit /lib/sploit.so rm /tmp/payload.c /tmp/exploit echo "+ Executing payload.." LDAUDIT="sploit.so" ping...

Kloxo 6.1.12 Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Kloxo 6.1.12 Privilege Escalation Vulnerability

Kloxo versions 6.1.12 and below contain two setuid root binaries. lxsuexec and lxrestart allow local privilege escalation to root from uid 48, Apache by default on CentOS 5.8, the operating system supported by Kloxo. This Metasploit module has been tested successfully with Kloxo 6.1.12 and 6.1.6...

Kloxo Local Privilege Escalation

Version 6.1.12 and earlier of Kloxo contain two setuid root binaries such as lxsuexec and lxrestart, allow local privilege escalation to root from uid 48, Apache by default on CentOS 5.8, the operating system supported by Kloxo. This module has been tested successfully with Kloxo 6.1.12 and 6.1.6...

Mandriva Linux Security Advisory : glib2.0 (MDVSA-2013:083)

Updated glib2.0 packages fix security vulnerability : It was discovered that the version of glib shipped with MBS 1 does not sanitise certain DBUS related environment variables. When used in combination with a setuid application which utilises dbus via glib, a local user could gain escalated...

HP System Management Homepage Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

HP System Management Homepage Local Privilege Escalation Vulnerability

HP System Management Homepage versions 7.1.2 and below include a setuid root smhstart which is vulnerable to a local buffer overflow in the SSLSHAREBASEDIR env variable. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the...

NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode

NVIDIA Unix security team reports: When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size 64x64 or 256x256, depending on the driver version, the driver will overflow a buffer. This can cause a...

Setuid Tunnelblick Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Tunnelblick - Setuid Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...