3209 matches found
DEBIAN-CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
DSA-1271-1 openafs - design error
Bulletin has no description...
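IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability
IBM DB2 is a large commercial relational database system aimed at e-commerce, business information, content management, customer relationship management and similar applications, and runs on AIX, HP-UX, Linux, Solaris, Windows and other systems. Several setuid-root binaries contain an insecure file access vulnerability. Specifically, when the DB2INSTANCE environment variable is supplied, the setuid-root DB2 administration binaries load configuration data from the specified user's home directory, which allows an attacker to create or append to arbitrary files by constructing a specific execution environment. In addition, the user's umask setting can be used to create root-owned, fully writable files. Note that the attacker cannot fully control the content of the data written, but this does not greatly affect exploitation of this vulnerability. IBM DB2...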
IBM DB2 < 9 Fix Pack 2 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 running on the remote host allows unsafe access to several setuid-root binaries. A local attacker can exploit this to crash the affected database server or possibly even gain root-level access. In addition, the fenced userid may be able to...
Design/Logic Flaw
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file...
CVE-2007-1027
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file...
mysql improper suid argument evaluation
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE...
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1) #!/usr/bin/perl -w $Id: revengeproftpdctrls24.pl, v1.0 2007/02/18 19:24:22 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Old style school sploit against gcc 3.x and linux kernel 2.4 Original Advisory :...
bsd/x86 setuid/execve shellcode 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright (c) 2003 Marco Ivaldi [email protected] Short setuid(0) and /bin/sh execve shellcode based on esdee's code. ...
bsd/x86 setuid/portbind shellcode 94 bytes
No description provided by source. / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86 Copyright (c) 2003 Marco Ivaldi [email protected] Simple portbind shellcode that binds a setuid(0) shell on...
Hacking tricks series: some common approaches to leaving a back door - vulnerability warning - the black bar safety net
For novices like us, finally getting hold of a server is not easy, and it would be miserable if it were discovered. In fact, there are many ways to leave a back door; below I will talk about several ways I have learned. 1. Setuid | cp /bin/sh /tmp/.root chmod u+s /tmp/.root --- Add the suid bit to the shell; although very...
MOAB-21-01-2007: System Preferences writeconfig Local Privilege Escalation Vulnerability
Summary Apple provides the following description in the Preference Application documentation: System Preferences is the standard location for presenting system-level preferences on OSX. The preference panes shipped with Mac OS X include panes affecting hardware such as the Sound, Mouse, and...
MOAB-15-01-2007.rb.txt
#!/usr/bin/ruby Exploit for MOAB-15-01-2007 (c) 2006 LMH. Note: It's a generic exploit, you can use it over any binary writable which is set as root setuid by diskutil repair permissions. Simply change the path. Blame Apple for doing such a piece of and relying on flawed DAC. Line-noise: Jackass of...
CVE-2007-0394
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
CVE-2007-0393
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
Design/Logic Flaw
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
Design/Logic Flaw
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
Design/Logic Flaw
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
CVE-2007-0393
CVE-2007-0393 concerns Sun Solaris 9 where the system does not properly verify the status of file descriptors before setuid execution, enabling local privilege escalation by closing fd 0, 1, or 2 and then running a setuid program. The vulnerability is described as a variant of CVE-2002-0572. Conn...