3209 matches found
CVE-2004-2372
Bochs
CVE-2004-2335
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program...
Operator Shell (osh) 1.7-13 - Local Privilege Escalation
You must be groupoperator for permissions /str0ke !/usr/bin/perl OSH 1.7 Exploit 2 Gonna bang away at this until it's removed ;- EDUCATIONAL purposes only.... :- by Charles Stevenson core Description: The Operator Shell Osh is a setuid root, security enhanced, restricted shell. It allows the...
Operator Shell (osh) 1.7-13 Local Root Exploit
No description provided by source. You must be groupoperator for permissions /str0ke !/usr/bin/perl OSH 1.7 Exploit 2 Gonna bang away at this until it's removed ;- EDUCATIONAL purposes only.... :- by Charles Stevenson core [email protected] Description: The Operator Shell Osh is a setuid root,...
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
DEBIAN-CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
USN-159-1: unzip vulnerability
If a ZIP archive contains binaries with the setuid and/or setgid bit set, unzip preserved those bits when extracting the archive. This could be exploited by tricking the administrator into unzipping an archive with a setuid-root binary into a directory the attacker can access. This allowed the...
Fedora Core 3 : perl-5.8.5-14.FC3 (2005-600)
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write...
CVE-2001-1553
CVE-2001-1553 describes a local buffer overflow in SETI@home 3.03 when the binary is installed setuid. An attacker could trigger arbitrary code execution via overly long command line options (socks_server, socks_user, socks_passwd). The note indicates the default SETI@home configuration is not se...
CVE-2001-1564
CVE-2001-1564 affects HP-UX kernels prior to some later patch levels (versions 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11). The issue is that setrlimit does not correctly enforce core file size after the process drops setuid/setgid privileges, which could allow a local user to cause a den...
CVE-2001-1551
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs...
CVE-2002-2023
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors...
FreeBSD : cups-lpr -- lppasswd multiple vulnerabilities (7850a238-680a-11d9-a9e7-0001020eed82)
D. J. Bernstein reports that Bartlomiej Sieka has discovered several security vulnerabilities in lppasswd, which is part of CUPS. In the following excerpt from Bernstein's email, CVE names have been added for each issue: First, lppasswd blithely ignores write errors in fputs(line,outfile) at lines...
FreeBSD : mpg123 -- buffer overflow in URL handling (20d16518-2477-11d9-814e-0001020eed82)
Carlos Barros reports that mpg123 contains two buffer overflows. These vulnerabilities can potentially lead to execution of arbitrary code. The first buffer overflow can occur when mpg123 parses a URL with a user-name/password field that is more than 256 characters long. This problem can be...
GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite
source: https://www.securityfocus.com/bid/14169/info GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. A successful attack can result in privilege escalation and a complete compromise of the affected computer as gen-index is installed with setuid permissions. G...
GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite
GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite source: https://www.securityfocus.com/bid/14169/info GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. A successful attack can result in privilege escalation and a complete compromise of the...
CVE-2005-2072
CVE-2005-2072 affects the runtime linker (ld.so) in Solaris 8, 9, and 10, where LD_AUDIT in setuid/setgid contexts can be abused to gain privileges (including by using a long LD_AUDIT value). Connected advisories list vendor patches addressing this: Solaris 8/9/10 patches 109147-44, 109148-42, 11...
CVE-2005-2072
The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT...
CVE-2002-1871
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges...