CDRDAO - Local Privilege Escalation

CDRDAO - Local Privilege Escalation !/bin/sh DIR=pwd echo "" echo "cdrdao local root exploit - gr doesn't protect you this time" echo "Karol Wiêsek " echo "" sleep 2 umask 000 echo -n " Checking if /etc/ld.so.preload doesn't exist ... " if -f /etc/ld.so.preload ; then echo "WRONG" echo...

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...

CVE-2004-0186

CVE-2004-0186 is a local privilege-escalation in Samba (2.x/3.x) on Linux 2.6 where the setuid-smounted utility smbmnt can be exploited: when a setuid root binary is present on a mounted share, a local user can execute it to gain root privileges. The underlying issue is that setuid attributes are...

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...

CVE-2003-0019

umlnet in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode...

CVE-2003-0019

The CVE-2003-0019 issue affects the uml_net utility in Red Hat Linux 8.0’s kernel-utils package, shipped with incorrect setuid root permissions. This allows local users to modify network interfaces, including ARP entry manipulation and placing interfaces into promiscuous mode. Root cause: the uml...

GLSA-200404-21 : Multiple Vulnerabilities in Samba

The remote host is affected by the vulnerability described in GLSA-200404-21 Multiple Vulnerabilities in Samba Two vulnerabilities have been discovered in Samba. The first vulnerability allows a local user who has access to the smbmount command to gain root. An attacker could place a setuid-root...

fidogate -- write files as `news' user

Neils Heinen reports that the setuid news' binaries installed as part of fidogate may be used to create files or append to file with the privileges of the news' user by setting the LOGFILE environmental variable...

CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs...

Mandrake Linux Security Advisory : gnupg (MDKSA-2001:053-1)

A format string vulnerability exists in gnupg 1.0.5 and previous versions which is fixed in 1.0.6. This vulnerability can be used to invoke shell commands with privileges of the currently logged-in user. Update : The /usr/bin/gpg executable was installed setuid root and setgid root. While being...

SUSE-SA:2003:0014: lprold

The remote host is missing the patch for the advisory SUSE-SA:2003:0014 lprold. The lprm command of the printing package lprold shipped till SUSE 7.3 contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root...

SUSE-SA:2002:032: xf86

The remote host is missing the patch for the advisory SUSE-SA:2002:032 xf86. The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by t...

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities / source: https://www.securityfocus.com/bid/10758/info It has been reported that the SCO Multi-channel Memorandum Distribution Facility MMDF is affected by multiple vulnerabilities. These issues are due to a failure of...

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities

/ source: https://www.securityfocus.com/bid/10758/info It has been reported that the SCO Multi-channel Memorandum Distribution Facility MMDF is affected by multiple vulnerabilities. These issues are due to a failure of the utility to properly validate buffer boundaries when copying user-supplied...

[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues Advisory number: SCOSA-2004.7 Issue date: 2004 July 14 Cross reference: sr884728 fz528322 erg712434 CAN-2004-0510 CAN-2004-0511...

CVE-2003-1033

The 1 instdbmsrv and 2 instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious...

[Full-Disclosure] [SECURITY] [DSA 472-1] New fte packages fix buffer overflows

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 472-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 3rd, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 472-1] New fte packages fix buffer overflows

-------------------------------------------------------------------------- Debian Security Advisory DSA 472-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 3rd, 2004 http://www.debian.org/security/faq -...

DSA-472 fte - several vulnerabilities

Bulletin has no description...

CVE-2003-1033

The CVE affects SAP DB Development Tools 7.x (instances of instdbmsrv and instlserver). The root cause is that these programs trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver binary. This trust enables local users to escalate privile...