Debian DSA-895-1 : uim - programming error

Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. %NASLMINLEVEL 70300 C Tenable Network Security...

Debian DSA-1146-1 : krb5 - programming error

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid and seteuid are not always checked for success and may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code ...

Debian DSA-1150-1 : shadow - programming error

A bug has been discovered in several packages that execute the setuid system call without checking for success when trying to drop privileges, which may fail with some PAM configurations. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)

Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...

Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit

Exploit for solaris platform in category local exploits =============================================================== Solaris 10 libnspr Arbitrary File Creation Local Root Exploit =============================================================== !/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:...

CVE-2006-4842

The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...

CVE-2006-4842

CVE-2006-4842 is documented as a local privilege-escalation in Netscape Portable Runtime (libnspr) where LIBNSPR prior to 4.6.3 allows the user to influence the log file via the NSPR_LOG_FILE environment variable. Evidence in connected docs shows Solaris-specific context: unpatched Solaris system...

CVE-2006-4842

The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...

elf-infection.txt

gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use at your own risk Coded by...

.ELF Binaries - Local Privilege Escalation

gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use at your own risk Coded by...

Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation

/ excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorized processes do not retain control o...

Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit

Exploit for macOS platform in category local exploits ============================================================= Mac OS X include include include extern booleant excservermachmsgheadert , machmsgheade...

Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation

Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are...

openmovieeditor 0.0.20060901 - name Local Buffer Overflow

openmovieeditor 0.0.20060901 - name Local Buffer Overflow / openmovieeditor buffer overflow exploit by qnix envt/envt -s 2 Shellcode: linux/x86 setuid0,setgid0 execve/bin/sh, /bin/sh, NULL 37 bytes + Setting memory for the shellcode. + Copying shellcode to memory. + Putting shellcode in the...

openmovieeditor 0.0.20060901 - &#039;name&#039; Local Buffer Overflow

/ openmovieeditor buffer overflow exploit by qnix envt/envt -s 2 Shellcode: linux/x86 setuid0,setgid0 execve/bin/sh, /bin/sh, NULL 37 bytes + Setting memory for the shellcode. + Copying shellcode to memory. + Putting shellcode in the environment. + Going into the environment ENVT and exiting...

DEBIAN-CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

X.org and some X.org libraries: Local privilege escalations

Background X.org is an implementation of the X Window System. Description Several X.org libraries and X.org itself contain system calls to setuid functions, without checking their result. Impact Local users could deliberately exceed their assigned resource limits and elevate their privileges afte...