3208 matches found
CVE-2001-0084
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program...
CVE-2000-0959
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack...
CVE-2000-0959
CVE-2000-0959 concerns glibc2/ld.so: the loader does not clear LD_DEBUG_OUTPUT and LD_DEBUG before invoking programs from a setuid context. This can enable a local attacker to exploit a symlink to overwrite arbitrary files. Concrete details exist in CERT/CC reports (Debian advisory) describing th...
CVE-2000-0824
The CVE-2000-0824 issue involves glibc 2.1.1 unsetenv(): when a variable appears twice in the environment, the value may not be properly removed, enabling a local attacker to influence setuid programs with duplicate variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) and potentially execute code as roo...
CVE-2000-0824
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or...
[MSY] Multiple vulnerabilities in splitvt
MasterSecuritY (www.mastersecurity.fr): Multiple vulnerabilities in splitvt, by fish stiqz [email protected] and Michel "MaXX" Kaempf [email protected]. 0x00 - Table of...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any...
Seyon buffer overflow exploit.
Dear, Vuln-Dev I am posting this here since I do not know if the attached buffer overflow exploit will work on any distribution where seyon comes as setgid/setuid by default. Seyon which is a telecommunications package for the X Window System, is not intended to run as setuid/setgid, however, I...
itetris[v1.6.2] local root exploit (system()+../ protection)
i was auditing some svgalibsuid root programs and noticed itetris had a possibly exploitable system(); call... which has since obviously proven exploitable or i wouldn't be posting this message. : ORIGINAL exploit url below (un-wrapped): http://realhalo.org/xitetris.c xitetris.c: / itetrisv1.6.2 local...
More Sonata Conferencing software vulnerabilities.
Vulnerability Report 2 For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 12182000-02 CVE CAN: None currently assigned. Title: Sonata doroot command vulnerability. Class: Design Error Remotely Exploitable: no Locally...
Itetris 1.6.1/1.6.2 - Privileged Arbitrary Command Execution
Itetris 1.6.1/1.6.2 - Privileged Arbitrary Command Execution // source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video...
Fixed local AIX V43 vulnerabilities
Just for the record, here are some local AIX vulnerabilities we have found, and which have been fixed by IBM this year. If you have been applying fixes, there should be no problem with these anymore. But it might be interesting to know what some of those massive...
dump 0.4b15 Local Root Exploit
Exploit for linux platform in category local exploits. dump 0.4b15 Local Root Exploit. #!/bin/sh Redhat 6.2 dump command executes external program with suid privilege. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember,...
xsplumber - strcpy() Local Buffer Overflow
xsplumber - strcpy() Local Buffer Overflow / linuxsplumberversion2 buffer overflow, by [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which, as you know needs to be installed setuid root. this overflow is due to a simple oversight in the command line parser. us...
xsplumber - 'strcpy()' Local Buffer Overflow
/ linuxsplumberversion2 buffer overflow, by [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which, as you know needs to be installed setuid root. this overflow is due to a simple oversight in the command line parser. uses strcpy to copy to an unchecked 250 byt...
xsplumber - strcpy() buffer overflow
Exploit for linux platform in category local exploits. xsplumber - strcpy() buffer overflow / linuxsplumberversion2 buffer overflow, by v9 [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which...
CVE-2000-0879
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...
HP-UX 9.x/10.x/11.x - cu Buffer Overflow
source: https://www.securityfocus.com/bid/1886/info cu is a unix utility that is used for communication between two hosts usually over phone lines. It is typically installed setuid root so that it can access communications hardware when executed by a regular user. The version of cu that ships wit...
David Bagley xlock 4.16 - User Supplied Format String (2)
David Bagley xlock 4.16 - User Supplied Format String (2) // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...