3208 matches found
Red Hat linux restore uses insecure environment variables allowing root compromise
Overview: Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root. Description: Some implementations of the Linux restoration utility, restore...
FreeBSD-SA-01:55.procfs
FreeBSD-SA-01:55 Security Advisory FreeBSD, Inc. Topic: procfs vulnerability leaks setugid process memory Category: core Module: procfs Announced: 2001-08-21 Credits: Joost Pol Affects...
Solaris 8 - x86 xlock Heap Overflow
Solaris 8 - x86 xlock Heap Overflow // source: https://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with...
Solaris 2.678 (SPARC) - xlock Heap Overflow
Solaris 2.678 SPARC - xlock Heap Overflow // source: https://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships...
FreeBSD-SA-01:41.hanterm
FreeBSD-SA-01:41 Security Advisory FreeBSD, Inc. Topic: hanterm ports allow local root compromise Category: ports Module: ko-hanterm, ko-hanterm-xf Announced: 2001-07-09 Credits:...
Lmail 2.7 - Temporary File Race Condition
Lmail 2.7 - Temporary File Race Condition // source: https://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent (LDA) designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes...
Lmail 2.7 - Temporary File Race Condition
// source: https://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent (LDA) designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes insecure use of temporary files, making it...
Xvt 2.1 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2955/info Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. Xvt contains a buffer overflow in its handling of the '-name' argument. An...
Xvt 2.1 - Local Buffer Overflow
Xvt 2.1 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2955/info Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. Xvt contains a buffer overflow in its handlin...
reading from execve()ed setuid memory
Posted to bugzilla.redhat.com: Tue, 15 May 2001 06:43:27 -0400 This was then made inaccessible, and I've seen nothing that looks like a fix yet. A month and a half seems like long enough to work it out. Contents of https://bugzilla.redhat.com/bugzilla/showbug.cgi?id=40658 as posted before the pag...
CVE-2001-0459
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option...
Solaris 8 libsldap - Local Buffer Overflow (2)
Solaris 8 libsldap - Local Buffer Overflow (2) // source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...
Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation
Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation // source: https://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under...
Solaris 8 libsldap buffer overflow
DESCRIPTION The library implementing LDAP naming services on Solaris 8, libsldap, contains a buffer overflow in the initialization code. While parsing the environment variable LDAPOPTIONS, a fixed size buffer is used to store its contents which can be of any length. This is a straightforward buff...
Solaris 8 libsldap - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...
Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation
// source: https://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under certain circumstances, an access validation error may exist in the handling of...
CVE-2001-1324
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexecenv function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges...
Solaris 8 libsldap - Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...
Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Vulnerability in Solaris /opt/SUNWssp/bin/cb_reset Date Published: June 12, 2001 Advisory ID: N/A Bugtraq ID: N/A CVE CAN: None currently assigned. Title: Solaris /opt/SUNWssp/bin/cb_reset Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes...
SGI Performance Co-Pilot 2.1.x2.2 - pmpost Symbolic Link
SGI Performance Co-Pilot 2.1.x2.2 - pmpost Symbolic Link // source: https://www.securityfocus.com/bid/2887/info Performance Co-Pilot (PCP) is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open...