3209 matches found
CVE-2007-3931
The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges...
CVE-2007-3931
CVE-2007-3931 affects the Samsung SCX-4200 Driver 2.00.95 installation script. The wrap_setuid_third_party_application function grants setuid permissions to third-party applications (e.g., xsane, xscanimage), enabling local users to escalate privileges. Documented impact is privilege escalation f...
bsd/x86 setuid/portbind shellcode 94 bytes
Exploit for bsd/x86 platform in category shellcode ========================================== bsd/x86 setuid/portbind shellcode 94 bytes ========================================== / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86...
bsd/x86 setuid/execve shellcode 30 bytes
Exploit for bsd/x86 platform in category shellcode ======================================== bsd/x86 setuid/execve shellcode 30 bytes ======================================== / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c...
security flaw
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...
Ingres wakeup setuid(ingres) file truncation
======= Summary ======= Name: wakeup setuid(ingres) file truncation Release Date: 25 June 2007 Reference: NGS00390 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115913, CVE-2007-3337, CAID 35451 Systems Affected: Ingres 2006 9.0.4 and prior Risk: Medium...
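Sun Solaris srsexec Arbitrary File Read Local Information Disclosure Vulnerability
Solaris is a commercial UNIX operating system developed and maintained by Sun. The srsexec utility on Solaris has a flaw in how it handles file access permissions, which a local attacker may exploit to read part of the contents of sensitive files. If the SUNWsrspx package is installed, the srsexec utility in that package may allow a local attacker to access sensitive information, such as the root password hash. The cause is that srsexec does not drop privileges or check the permissions of the target file: if the user specifies verify only mode (-v) and debug mode (-d) and names a protected file (such as /etc/shadow), srsexec displays the first line of /etc/shadow in its debug messages. Sun SRS Net Connect...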
GLSA-200704-22 : BEAST: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200704-22 BEAST: Denial of Service BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid fails due to a user exceeding assigned resource limits. Impact : A local us...
Beast privilege escalation
The unchecked result of a setuid call can be exploited by a user who exhausts system resources...
Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424)
Sun Apr 8 2007 Adam Jackson 1.0.1-9.fc5.7 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6. - Tue Jan 9 2007 Adam Jackson 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE...
TrueCrypt <= 4.3 Local Privilege Escalation Exploit (CVE-2007-1738)
No description provided by source. $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi [email protected] TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of servic...
TrueCrypt 4.3 - setuid Local Privilege Escalation
TrueCrypt 4.3 - setuid Local Privilege Escalation $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service...
TrueCrypt <= 4.3 Local Privilege Escalation Exploit (CVE-2007-1738)
Exploit for unknown platform in category local exploits =================================================================== TrueCrypt TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting a crafted...
Critical: krb5 security update
1.3.4-46 - fix bug ID in changelog 1.3.4-45 - add preliminary patch to fix buffer overflow in krb5kdc and kadmind 231528, CVE-2007-0957 - add preliminary patch to fix double-free in kadmind 231537, CVE-2007-1216 1.3.4-44 - temporarily disable bug fixes for 143289, 179062, 180671, 202191, 223669 f...
OpenAFS: Privilege escalation
Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...
Debian DSA-1271-1 : openafs - design error
A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection,...
Mandrake Linux Security Advisory : openafs (MDKSA-2007:066)
By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges. Updated packages have been patched to address this issue.
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug
------------------------------------------------------------------------ Debian Security Advisory DSA-1271-1 [email protected] http://www.debian.org/security/ Noah Meyerhans March 20, 2007 - ------------------------------------------------------------------------ Package : openafs Vulnerability...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...