Setuid perl PerlIO_Debug() root owned file creation

No description provided by source. / Copyright Kevin Finisterre DISCLAIMER I am in no way responsible for your stupidity. DISCLAIMER I am in no way liable for any damages caused by compilation and or execution of this code. WARNING DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING WARNING...

Setuid perl PerlIO_Debug() overflow

No description provided by source. / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man with tha masta plan? 11:07:36 corezion: a nigga with a buffer overrun 11:07:39 corezion: heh of course that is to the tune of...

Setuid perl - PerlIO_Debug() Local Overflow

Setuid perl - PerlIODebug Local Overflow / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man with tha masta plan? 11:07:36 corezion: a nigga with a buffer overrun 11:07:39 corezion: heh of course that is to the tun...

Setuid perl PerlIO_Debug() overflow

Exploit for linux platform in category local exploits =================================== Setuid perl PerlIODebug overflow =================================== / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man wit...

Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation

/ Copyright Kevin Finisterre DISCLAIMER I am in no way responsible for your stupidity. DISCLAIMER I am in no way liable for any damages caused by compilation and or execution of this code. WARNING DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING WARNING overwriting /etc/ld.so.preload can severl...

USN-72-1: Perl vulnerabilities

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package "perl-suid" provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to...

[Full-Disclosure] DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'

DMA2005-0127a - 'Apple OSX batch family poor use of setuid' Author: Kevin Finisterre Vendor: http://www.apple.com/macosx/ Product: at commands = Mac OS X v10.3.7, Mac OS X Server v10.3.7 References: CAN-2005-0125 http://www.digitalmunition.com/DMA2005-0127a.txt...

evolution -- arbitrary code execution vulnerability

Martin Joey Schulze reports: Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileg...

CVE-2005-0120

helvis 1.8h21 and earlier allows local users to delete arbitrary files via the elvprsv setuid program...

CVE-2005-0119

helvis 1.8h21 and earlier allows local users to recover and read the files of other users via the elvrec setuid program...

CVE-2005-0120

CVE-2005-0120 affects helvis

CVE-2005-0119

CVE-2005-0119 affects helvis 1.8h2_1 and earlier, where the setuid elvrec program allows local users to read other users’ files. The FreeBSD vuXML/OpenVAS entries corroborate an information-leak/vector via elvrec/elvprsv, but no specific patched versions or remediation steps are provided in the s...

iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability

SGI IRIX inpview Design Error Vulnerability iDEFENSE Security Advisory 01.13.05 www.idefense.com/application/poi/display?id=182&type=vulnerabilities January 13, 2005 I. BACKGROUND The inpview program is a setuid root application that is included in the InPerson networked multimedia conferencing...

CVE-2004-1070

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

[UNIX] William LeFebvre "top" Format String Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

DEBIAN-CVE-2004-2269

Stack-based buffer overflow in pads.c in Passive Asset Detection System Pads might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability...

CVE-2004-2372

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed...

CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...

DEBIAN-CVE-2004-2372

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed...

CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...