3208 matches found
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has been reported for Linuxconf. The...
Sun Solaris ptexec does not adequately validate argument passed via -o option
Overview: The Sun Solaris ptexec command is subject to a buffer overflow due to not adequately validating arguments passed via the -o option. Description: A locally exploitable buffer overflow exists in the ptexec command which is included in the SUNWvts package. This package is not included in the...
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)
source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has been reported for Linuxconf. The...
GDAM123 0.933/0.942 - Filename Buffer Overflow
// source: https://www.securityfocus.com/bid/5578/info The GDAM123 command-line MP3 player is prone to a buffer overflow condition when handling overly long filenames. Under some circumstances, the player may be installed setuid root to allow unprivileged users to run the player if access to...
CVE-2002-0469
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTAs, which could allow local users to gain privileges...
CVE-2002-0740
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d SPOOLDIR argument...
ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (1)
// source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some installations, this utility is...
ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (1)
// source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in t...
CVE-2002-0820
CVE-2002-0820: FreeBSD kernels 4.6 and earlier close fds 0, 1, and 2 after they are assigned to /dev/null when the descriptors reference procfs/linprocfs. This could allow a local attacker to reuse those file descriptors in a setuid/setgid program to modify critical data and gain privileges. The ...
CVE-2001-1384
CVE-2001-1384 affects the Linux kernel in 2.2.x up to 2.2.19 and 2.4.x up to 2.4.9. The vulnerability is a local privilege escalation: a local user can gain root by ptracing a setuid/setgid process that itself executes an unprivileged program (e.g., newgrp). The provided documents do not specify ...
Moderate: Red Hat Security Advisory: util-linux security update
The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...
HP Tru64/OSF1 DXTerm - Local Buffer Overflow
source: https://www.securityfocus.com/bid/5746/info The HP Tru64/OSF1 dxterm utility is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient checking of command line input supplied via the "-xrm" parameter. This parameter serves the same purpose as the...
Sun Cobalt RaQ 4.0 - Predictable Temporary Filename Symbolic Link Attack
source: https://www.securityfocus.com/bid/5529/info A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which ...
Sun Cobalt RaQ 4.0 - Predictable Temporary Filename Symbolic Link Attack
source: https://www.securityfocus.com/bid/5529/info A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which is used by Apache for authentication purposes. Reportedly, the utility...
CVE-1999-1080
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running...
SCO Openserver Xsco heap overflow.
Strategic Reconnaissance Team Security Advisory SRT2002-06-11-1037; Topic: SCO OpenServer Xsco heap overflow; Date: June 11, 2002; Credit: KF dotslashatsnosoft.com; Site: http://www.snosoft.com...
CVE-2002-0572
CVE-2002-0572 affects BSD-based systems (notably FreeBSD 4.5 and earlier); the issue arises when a local user closes standard input/output/error (FDs 0–2) and a subsequent setuid-invoked I/O operation reuses those descriptors, allowing read/write access to restricted files. Connected records corr...
CVE-2002-0572
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that...