DEBIAN-CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...

CVE-2004-0172

Heap-based buffer overflow in the searchforcommand function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be...

DSA-463 samba - privilege escalation

Bulletin has no description...

MTools 3.9.x - 'MFormat' Local Privilege Escalation

source: https://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user. A local attacker could...

CVE-2004-0172

Heap-based buffer overflow in the searchforcommand function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be...

Microsoft Virtual PC Services Insecure Temporary File Creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Virtual PC Services Insecure Temporary File Creation Release Date: 02/10/2004 Application: Connectix Virtual PC 6.0.x Microsoft Virtual PC 6.1 Platform: Mac OS X Severity: Local privilege...

DEBIAN-CVE-2004-2093

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service crash and possibly execute arbitrary code via a long RSYNCPROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...

Samba 2.2.8 (Linux Kernel 2.6 Debian Mandrake) - Share Privilege Escalation

Samba 2.2.8 Linux Kernel 2.6 Debian Mandrake - Share Privilege Escalation source: https://www.securityfocus.com/bid/9619/info A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel. The issue appears to exist due to a lack of sufficient sanity checks performed...

CVE-2003-1097

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option...

CVE-2003-1399

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information...

CVE-2003-0947

Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable...

CVE-2003-0937

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID PID by obtaining a procfs file descriptor for the file and calling execve on a setuid or setgid program, which leaves the descriptor open to the user...

CVE-2003-0947

The CVE-2003-0947 entry concerns the wireless config tool iwconfig . A vulnerability exists where, if iwconfig is installed with setuid , a buffer overflow can occur via a long OUT environment variable, allowing local arbitrary code execution . The NVD metrics describe a HIGH base score with a LO...

CVE-2003-0089

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as 1 swinstall and 2 swmodify...

PT-2003-1958 · Sco · Open Unix +1

Name of the Vulnerable Software and Affected Versions: SCO UnixWare versions 7.1.1, 7.1.3 Open UNIX version 8.0.0 Description: The issue allows local users to bypass protections for the address space file for a process ID by obtaining a procfs file descriptor for the file and calling execve on a...

CVE-2001-1411

Format string vulnerability in gm4 aka m4 on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs...

IBM DB2 - db2start Format String Arbitrary Code Execution

IBM DB2 - db2start Format String Arbitrary Code Execution source: https://www.securityfocus.com/bid/8989/info Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the...

TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (2)

// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute...