[SECURITY] New version of glibc released
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. The first problem is the way ld.so handles environment variables: in order to provide a safe environmen...
[SECURITY] New version of glibc released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman September 2, 2000 - ------------------------------------------------------------------------ Package: glibc Vulnerability: local...
cmctl_exp
! /usr/bin/ksh cmctl is installed setuid to Oracle by default. See BugTraq ID 170 and Oracle bug id 701297 and 714293. This script will create a setuid Oracle shell, /tmp/.sh redirect environment variables export ORACLEHOME=/tmp export ORAHOME=/tmp mkdir /tmp/bin chmod a+rx /tmp/bin create cmadmi...
David Bagley xlock 4.16 - User Supplied Format String (1)
David Bagley xlock 4.16 - User Supplied Format String 1 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...
David Bagley xlock 4.16 - User Supplied Format String (1)
// source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a number of popular operating systems...
Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow
Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via http with the -w parameter. In this...
Possible vulnerability in HPUX
Hello, a few days ago I read the mail Hackerslab bugpaper HP-UX bdf -t option buffer overflow vul. And decided to see any other possible vulnerabilities on my system. HP-UX 10.20. After a few minutes maybe a little more : ,trying each setuid exe with different options, I finally got results as for...
linux/x86 break chroot setuid0 + /bin/sh 132 bytes
linux/x86 break chroot setuid0 + /bin/sh 132 bytes. Shellcode exploit for linx86 platform / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdir, go through a loop of chdir".."; then a final chroot"."; - execve of /bin/sh used in several wu-ftpd, beroftpd and...
linux/x86 break chroot setuid(0) + /bin/sh 132 bytes
Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 break chroot setuid0 + /bin/sh 132 bytes ==================================================== / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdi...
CVE-2000-0615
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files...
LPRng lpd should not be SETUID root
Well, even in spite of all of my efforts, care, and paranoia, I finally dropped the hammer on my foot. Luckily it appears that I spotted this loophole before somebody on the LPRng mailing list did. Or worse yet, got a call from CERT about this problem :- SUMMARY: Versions of...
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption // source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the XAsyncReply function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed...
X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption
// source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the XAsyncReply function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed integer. By forcing this value to be negative, it becomes possible to...
Serious bug in the Linux kernel
The undocumented setcap call from the draft POSIX standard makes it possible to set certain restrictions on a process, including CAPSETUID, which makes it possible to block the setuid call. These restrictions can be inherited by child applications, which makes it possible, by setting such a restriction...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)
KDE 1.1.2 KApplication configfile - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)
KDE 1.1.2 KApplication configfile - Local Privilege Escalation 2 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)
source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (1) // source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying ...
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...