CDRTools 2.0 - RSCSI Debug File Arbitrary Local File Manipulation

source: https://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi utility to corrupt or seize group...

IBM UniVerse 10.0.0.9 - 'uvadmsh' Local Privilege Escalation

source: https://www.securityfocus.com/bid/8203/info A vulnerability has been reported in the IBM U2 UniVerse uvadmsh program that could permit the uvadm user to execute arbitrary code with elevated privileges. The -uv.install option of the vulnerable program allows a user to specify an arbitrary...

IBM UniVerse 10.0.0.9 - uvadmsh Local Privilege Escalation

IBM UniVerse 10.0.0.9 - uvadmsh Local Privilege Escalation source: https://www.securityfocus.com/bid/8203/info A vulnerability has been reported in the IBM U2 UniVerse uvadmsh program that could permit the uvadm user to execute arbitrary code with elevated privileges. The -uv.install option of th...

CVE-2003-0501

The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries...

CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...

CVE-2003-0385

Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option...

CVE-2003-0396

Buffer overflow in les for ATM on Linux linux-atm before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument...

CVE-2003-0396

Buffer overflow in les for ATM on Linux linux-atm before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument...

CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...

DEBIAN-CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...

Linux 2.4.x execve() file read race vulnerability

Hi people, again it is time to discover a funny bug inside the Linux execve system call. Details: --------- While looking at the execve code I've found the following piece of code from fs/binfmtelf.c: static int loadelfbinarystruct linuxbinprm bprm, struct ptregs regs struct file interpreter =...

Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read

Linux Kernel 2.4 - SUID execve System Call Race Condition Executable File Read / source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a...

Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read

/ source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and...

Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure

/ source: https://www.securityfocus.com/bid/8002/info A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's...

Linux Kernel 2.2.x2.4.x - proc Filesystem Information Disclosure

Linux Kernel 2.2.x2.4.x - proc Filesystem Information Disclosure / source: https://www.securityfocus.com/bid/8002/info A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged us...

CVE-2003-0396

Buffer overflow in les for ATM on Linux linux-atm before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument...

CVE-2003-0396

Buffer overflow in les for ATM on Linux linux-atm before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument...

CVE-2003-0385

Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option...

CVE-2003-0390

CVE-2003-0390 is a vulnerability in the Options Parsing Tool (OPT) shared library ≤ 3.18 used by setuid programs. It describes multiple buffer overflows triggered by long command line options fed into macros such as opt_warn_2 (used in opt_atoi), enabling local arbitrary code execution. The provi...

CVE-2003-0385

Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option...