CVE-1999-1143

Technical details for CVE-1999-1143 are not provided in the connected documents. The initial description summarizes a privilege escalation in SGI IRIX 6.x rld but no further public details are included here. Monitor for updates.

CVE-1999-1143

Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs...

CVE-1999-1205

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information...

CVE-2000-0615

LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files...

CVE-1999-1382

CVE-1999-1382 describes a local privilege escalation in NetWare NFS mode 1 and 2. The issue arises when NetWare-NFS implements the Unix Read Only flag by changing a file’s ownership to root, which can be exploited by a local user who creates a setuid program and marks it as Read Only; NetWare-NFS...

CVE-2000-0615

CVE-2000-0615 : LPRng 3.6.x improperly installs lpd as setuid root, allowing local users to append lpd trace and logging messages to files. The connected documents confirm the vulnerability is a local privilege issue tied to the lpd binary running with root privileges. No explicit exploit details...

CVE-1999-1142

SunOS 4.1.2 and earlier allows local users to gain privileges via LD_* environment variables affecting dynamically linked setuid/setgid programs (e.g., login, su, sendmail) by causing real and effective UIDs to the same user. This yields a local escalation with complete confidentiality and integr...

Unixware Message catalog exploit code

Hi, I'm jGgM. I was reported this problem Caldera, a few week ago. And, This exploit is fixed already. Hacker can modify message catalog and, It can possible format string exploit. for example $ gcc -o expshell expshell.c $ gcc -o getret getret.c $ gcc -o fmtexp fmtexp.c $ ./expshell $ ./getret...

NetBSD Security Advisory 2002-001 Close-on-exec, SUID and ptrace(2)

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-001 ================================= Topic: Close-on-exec, SUID and ptrace2 Version: NetBSD-current: prior to January 14, 2002 NetBSD-1.5.: affected up to and including 1.5.2 NetBSD-1.4.: affected up to and including 1.4.3 Severity...

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link 2 source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)

source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory,...

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link 4 source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...

glibc glob overflow patched

A buffer overflow has been found in the glob3 function in glibc. Fixed packages for Slackware 8.0 are now available. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 11 14:07:07 PST 2002 patches/packages/glibc.tgz, patches/packages/glibcso.tgz: Fixed a buffer overflow in the glob3...

Buffer overflow vulnerability in pwck command line utility

Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...

Buffer overflow vulnerability in grpck command line utility

Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the grpck utility. Description The grpck utility performs syntax checking of /etc/group and /etc/gshadow group information files. This utility contains a buffer overflow vulnerability in the section of...

CVE-2001-1551

Linux kernel 2.2.19 enables CAPSYSRESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs...

HP-UX setuid rlpdaemon induced to make illicit file writes

This may have gone AWOL before. If there was a reason for the moderator dropping it I'd be interested to know. G.B. THE PROBLEM /usr/sbin/rlpdaemon in HP-UX is setuid root. Switches include "-l" to enable logging and "-L /some/thing" to select a logfile other than the default. When run by a...

ASI Oracle Security Alert: Oracle Home Environment Variable Validation Vulnerability

Oracle Home Environment Variable Validation Vulnerability For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: The dbsnmp executable can be manipulated to run programs from the wrong...

ASI Oracle Security Alert: CHOWN Path Environment Variable Vulnerability

CHOWN Path Environment Variable Vulnerability For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: The vulnerability only affects Oracle 8.0.5 and 8.1.5. The dbsnmp file executes the CHOWN...

ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Home Environment Variable Buffer Overflow For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: By setting a long ORACLEHOME value more...