3209 matches found
CVE-2007-0394
Technical details about CVE-2007-0394 are not publicly available in the provided connected documents; the materials reiterate the HP-UX vulnerability without expanding on affected versions, impact specifics, or fixes. Monitor for updated advisories.
CVE-2007-0392
CVE-2007-0392 affects IBM AIX 5.3. The issue is a failure to properly verify the status of file descriptors before setuid execution, enabling local privilege escalation by closing FD 0, 1, or 2 and then running a setuid program. Descriptions from connected sources identify this as a variant of CV...
Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.6 (2007-036)
Tue Jan 9 2007 Adam Jackson 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE 2006-6101. - Fri Jun 30 2006 Mike A. Harris 1.0.1-9.fc5.5 - Standardize on using lowercase 'fcN' in Release field to denote the OS release the package is being built for in all erratum from now on, as this is the...
MOAB-15-01-2007: Multiple Mac OS X Local Privilege Escalation Vulnerabilities
Summary: Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (e.g. the first user by default in a non-server Mac OS X installation), allowing privilege escalation. A malicious user can overwrite the binaries and perform a disk...
Mac OS X 10.4.8 DiskManagement BOM Local Privilege Escalation Exploit
No description provided by source. #!/usr/bin/ruby (c) 2006 LMH lmh at info-pull.com Kevin Finisterre kflists at digitalmunition.com Thanks to The French Connection for bringing this in-the-wild 0-day to our attention. If /tmp/ps2 exists on your system, you've been pwned already...
MOAB-01-01-2007.rb.txt
#!/usr/bin/ruby Copyright (c) LMH Kevin Finisterre Notes: Our command string is loaded in memory at a static address normally, but this depends on execution method and the string length. The address set in this exploit will be likely successful if we open the resulting QTL file directly, without...
Izik : Reverse Engineering with LD_PRELOAD
July, 06 2005 | Izik: Reverse Engineering with LD_PRELOAD. This paper is about the LD_PRELOAD feature, and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow. Compiling Methods...
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:160)
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. In...
Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)
A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue...
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability
Sun Microsystems Solaris ld.so 'doprf' Buffer Overflow Vulnerability iDefense Security Advisory 12.12.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 12, 2006 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at...
PT-2006-7008 · Freebsd +2
Name of the Vulnerable Software and Affected Versions: No vulnerable software versions are specified, as the issue is disputed and not considered a vulnerability. Description: The issue in question pertains to an alleged integer overflow in the banner/banner.c file within FreeBSD, NetBSD, and...
DEBIAN-CVE-2006-6008
ftpd in Linux Netkit linux-ftpd 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different...
CVE-2006-6008
ftpd in Linux Netkit linux-ftpd 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different...
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass
Debian Security Advisory DSA 1217-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 20th, 2006 http://www.debian.org/security/faq -...
GLSA-200611-05 : Netkit FTP Server: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200611-05 Netkit FTP Server: Privilege escalation Paul Szabo reported that an incorrect seteuid call after the chdir function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, f...
linux/x86 setuid(0) + execve(/bin/sh) 28 bytes
No description provided by source. / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode once again... setuid 6 bytes + execve 22 bytes = 28 bytes Same as revenge-execve.c we start the 2 system calls with a mov resulting in 2 bytes less, but th...
linux/x86 - setuid0 + execve/bin/sh 28 bytes
linux/x86 setuid0 + execve/bin/sh 28 bytes. Shellcode exploit for linx86 platform / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode once again... setuid 6 bytes + execve 22 bytes = 28 bytes Same as revenge-execve.c we start the 2 system cal...
linux/x86 setuid(0) + execve(/bin/sh) 28 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid0 + execve/bin/sh 28 bytes / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode...
Xcode OpenBase 10.0.0 (OSX) - Unsafe System Call Privilege Escalation
Xcode OpenBase 10.0.0 OSX - Unsafe System Call Privilege Escalation !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a - $b\n"; print "\n"; exit 1; $ret =...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
No description provided by source. Date: 14 Jun 2006. Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server. Version: 5.2 HotFix 1.16 built May 14 2003. Vuln: msg.conf symlink attack. Severity: high. Software description: The iPlanet Messaging Server is a software product that...