3208 matches found
HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)
Overview: msgchk, a part of the MH mail system, reportedly suffers from a buffer overflow with respect to the name of the inbox to be checked for new mail. This overflow would allow the user of msgchk to execute arbitrary code. Description: msgchk is the portion of the MH mail system that checks fo...
Rational ClearCase 3.24.x - DB Loader TERM Environment Variable Buffer Overflow
Rational ClearCase 3.24.x - DB Loader TERM Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3523/info ClearCase is a commercially available software change management package. It is maintained and distributed by Rational. A problem with the package could lead to a...
macosxsetuidroot.txt
Dump to text file if you find easier. http://www.securemac.com/macosxsetuidroot.php Operating System: Mac OS X Version Affected: up to 10.1 Security Risk: High Remote: No Fixed: No About: Mac OS X over the past few months has started to sprout security concerns, this being one of the first most...
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation
source: https://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in its exec implementation that may allow for modification of setuid process memory via ptrace. The vulnerability is due to the fact that it is possible for a traced process to exec a setuid image if the tracing...
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation source: https://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in its exec implementation that may allow for modification of setuid process memory via ptrace. The vulnerability is due to the fact that it is possible...
Snes9x 1.3 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/3437/info Snes9x is a free Super Nintendo emulator that runs on a number of platforms. Snes9x is prone to a buffer overflow. This is due to improper bounds checking of rom names. In this case, 4089 characters are required to overwrite the EIP. If this...
Snes9x 1.3 - Local Buffer Overflow
Snes9x 1.3 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/3437/info Snes9x is a free Super Nintendo emulator that runs on a number of platforms. Snes9x is prone to a buffer overflow. This is due to improper bounds checking of rom names. In this case, 4089 characters are...
IBM AIX portmir buffer overflow
Overview: There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description: There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...
IBM AIX nslookup fails to drop root privileges
Overview: The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. Description: The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in I...
hylafax
There are some format string vulnerabilities in the latest hylafax package; try faxrm -h x 1 or faxalter -h x -D 1 for "proof of concept". Both faxrm and faxalter are installed setuid uucp on FreeBSD installed from port collection. uid uucp is not that exciting but with some luck you'll find uucp...
CVE-2001-0176
CVE-2001-0176 concerns the Voyant Sonata 3.x setuid doroot program, where passing arbitrary command line arguments can grant local users root privileges. The vulnerability stems from the program’s setuid behavior, enabling privilege escalation when specific arguments are invoked. Public reference...
CVE-2001-0176
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges...
CVE-1999-1182
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error...
CVE-1999-1125
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file...
CVE-1999-1182
This CVE (CVE-1999-1182) affects Linux runtime linkers ld.so and ld-linux.so. A buffer overflow occurs when a long argv[0] triggers an error report by ld.so/ld-linux.so, allowing local users to gain privileges when invoking a setuid program. The attack is local with low complexity; impact is to c...
CVE-1999-1123
CVE-1999-1123 affects Sun Source tapes (sunsrc). Local users can gain root privileges through setuid root programs (makeinstall, winstall). The root cause is not explicitly detailed in the provided documents, but the vulnerability enables local privilege escalation with complete confidentiality, ...
CVE-1999-1123
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall...
[ Hackerslab bug_paper ] Informix-SQL application vulnerability
Hackerslab bug_paper: Informix-SQL application vulnerability. File: Informix-SQL application. SYSTEM: Systems running Informix. INFO: There i...
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview: The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description: The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview: Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description: Some implementations of the Linux backup utility, dump, permit use of...