CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...

DEBIAN-CVE-2007-5159

The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions setuid root to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor...

Hack of the classic tutorial of buffer overflow and decryption(a)-vulnerability warning-the black bar safety net

The buffer overflow weakness was born in the 7 0's. Morris Worm8 0'scan be considered their first public application. From the 9 0's, related document, such as the famous Aleph1's”Smashing the Stack for Fun and Profit”and code has been on the Internet disclosed. This article is about some need to...

Code injection

Unspecified vulnerability in the 1 Windows Services for UNIX 3.0 and 3.5, and 2 Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."...

CVE-2007-3036

Unspecified vulnerability in the 1 Windows Services for UNIX 3.0 and 3.5, and 2 Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."...

CVE-2007-3036

Unspecified vulnerability in the 1 Windows Services for UNIX 3.0 and 3.5, and 2 Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."...

Microsoft Windows Services for UNIX本地权限提升漏洞（MS07-053）

BUGTRAQ ID: 25620 CVECAN ID: CVE-2007-3036 Microsoft Windows是微软发布的非常流行的操作系统。 Windows操作系统所安装的Windows Services for UNIX和基于UNIX的应用程序子系统组件没有正确的处理setuid二进制程序，本地攻击者可以登录到系统并运行特制的setuid二进制程序获得权限提升。 Microsoft Windows Services for UNIX 3.0 - Microsoft Windows XP SP2 - Microsoft Windows Server 2003 SP2 -...

Microsoft Windows Services for UNIX privilege escalation vulnerability

Overview Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges. Description Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a...

MS07-053: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

The remote host is running a version of the Windows Services for UNIX that is vulnerable to a local privileges elevation due to a flaw in different setuid binary files. An attacker may use this to elevate his privileges on this host. Tenable Network Security, Inc. include"compat.inc"; if...

USN-508-1: Linux kernel vulnerabilities

A buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. CVE-2005-0504 A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a...

USN-509-1: Linux kernel vulnerabilities

A flaw in the sysfsreaddir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. CVE-2007-3104 A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional...

CVE-2007-3848

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

CVE-2007-3848

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

CVE-2007-3848

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal PRSETPDEATHSIG...

IBM AIX FTP客户端本地溢出漏洞

BUGTRAQ ID: 25077 CVECAN ID: CVE-2007-4004 IBM AIX是一款商业性质的UNIX操作系统。 AIX FTP客户端程序实现上存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 AIX操作系统中所捆绑的FTP程序没有正确地处理对gets函数的调用。gets函数用于将标准输入的数据读取到缓冲区，但没有指定所读入缓冲区的最大大小，因此可能导致多个溢出漏洞。FTP程序是以root用户权限运行的，任何本地用户都可以执行。至少有一个漏洞会导致可利用的栈溢出。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法：...

IBM AIX Pioout任意库加载命令执行漏洞

BUGTRAQ ID: 25084 CVECAN ID: CVE-2007-4003 IBM AIX是一款商业性质的UNIX操作系统。 AIX操作系统所随捆绑的pioout程序处理命令行参数时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 pioout程序没有丢弃权限便加载了攻击者所提供的任意共享库，如果使用了-R命令行参数攻击者就可以指定用于解析打印机数据的共享库。pioout程序拥有root setuid，任何本地用户都可以执行，因此本地攻击者可以通过创建一个执行shell的共享库导致以root用户权限执行任意命令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法：...

Buffer overflow

Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid...

CVE-2007-4027

Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid...

IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow

// source: https://www.securityfocus.com/bid/25075/info IBM AIX is prone to a local, stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input to a program that is installed setuid-superuser. Local attackers can exploit this issue to...

Design/Logic Flaw

The wrapsetuidthirdpartyapplication function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges...