Martin Stover Mars NWE 0.99 - Local Buffer Overflow

Martin Stover Mars NWE 0.99 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/617/info There are several buffer overflows in the setuid root components of the Mars Netware Emulator package. They allow for a local root compromise through the overflowing of buffers without bounds...

RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a buffer can be overflown in the cronpopen function, allowing an attacker...

RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent() Local Buffer Overflow (2)

RedHat Linux 6.0 Slackware Linux 4.0 - Termcap tgetent Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/588/info A buffer overflow existed in libtermcap's tgetent function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file...

qmail-DoS.txt

Date: Mon, 4 Jan 1999 00:04:09 -0500 From: Wietse Venema To: [email protected] Subject: Anonymous Qmail Denial of Service In recent postings, Daniel Bernstein expands on the insecurity of the Postfix world-writable directory for local mail submission. Of all the attacks possible with such a...

mother2.sh

!/bin/sh mother2.sh by; syg @ EFnet AKA the bitch who doesnt care to take credit for such a worthless script that doesnt do anything hard, I just wanted to say those other two bitches are dumb as fuck for even sending this to the public and actually making a huge prop header as if it was some sor...

xtvscreen.suse6.txt

Date: Thu, 18 Feb 1999 15:54:24 +0000 From: Andre Cruz To: [email protected] Subject: xtvscreen and suse 6 You can use xtvscreen to overwrite any file on the system. Xtvscreen has a function to capture a snapshot and will write it as pic000.pnm, pic001.pnm, etc in it's working directory. It...

clearcase2.txt

Date: Tue, 9 Feb 1999 17:57:27 +0100 From: Oezguer Kesim To: [email protected] Subject: Re: L0pht Advisory - Rational Software ClearCase root exploitable race conditions Holla, things are even worse! You may want to remove the setuid flag from /usr/atria/etc/dbloader, but this won't fix the...

digital.unix.bofs.txt

Date: Fri, 19 Feb 1999 14:18:18 -0800 From: Lamont Granquist To: [email protected] Subject: More Buffer Overflows in Digital Unix 1. No return-into-libc exploit for Digital Unix I didn't understand the return-into-libc method really prior to my previous BUGTRAQ post. Since then, I understand i...

Oracle 8 8.1.5 - Intelligent Agent (1)

source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in $ORACLEHOME/bin . This setuid root a...

[SECURITY] new version isdnutils fixes exploitable xmonisdn

We have received reports that the version of xmonisdn as distributed in the isndutils package from Debian GNU/Linux 2.1 has a security problem. Xmonisdn is an X applet that shows the status of the ISDN links. You can configure it to run two scripts when the left or right mouse button are clicked ...

VMware 1.0.1 - Local Buffer Overflow

VMware 1.0.1 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/490/info VMWare is virtual machine software produced by VMWare inc. VMWare version 1.0.1 for Linux is vulnerable to a buffer overflow attack. Since VMWare is installed with binaries that are setuid root, local users...

SCO Open Server 5.0.5 - X Library Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/638/info A buffer overflow vulnerability in the shared X library may allows local users to obtain higher privileges. Any setuid applications linked against the library are possibly vulnerable. The vulnerability is in the handling of the '-bg' command...

SCO Open Server 5.0.5 - X Library Buffer Overflow (2)

SCO Open Server 5.0.5 - X Library Buffer Overflow 2 // source: https://www.securityfocus.com/bid/638/info A buffer overflow vulnerability in the shared X library may allows local users to obtain higher privileges. Any setuid applications linked against the library are possibly vulnerable. The...

RedHat Linux 5.1 - xosview

// source: https://www.securityfocus.com/bid/362/info xosview is an X11 system monitoring application that ships with RedHat 5.1 installed setuid root. A buffer overflow vulnerability was found in Xrm.cc, the offending code listed below: char userrfilename1024; strcpyuserrfilename, getenv"HOME";...

CVE-1999-0462

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk...

Solaris 2.5.1 - kcms Local Buffer Overflow (2)

Solaris 2.5.1 - kcms Local Buffer Overflow 2 / source: https://www.securityfocus.com/bid/452/info There is an unchecked sprintf call in the versions of /usr/openwin/bin/kcmsconfigure shipped with solaris 2.5, 2.5.1 and 2.6. Unfortunately, kcmsconfigure is installed setuid root, making it possible...

HP-UX 10.x/11.x - Aserver PATH

source: https://www.securityfocus.com/bid/1929/info Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. During normal execution, Aserv...

Subject: [SECURITY] Debian not vulnerable to recent minicom exploit

Description Recent messages on a computer security forum have again reported that there are buffer overflows in minicom. These can lead into root exploits if the program is installed setuid root. Vulnerability Debian GNU/Linux 2.0 is not vulnerable to this exploit. The program minicom as shipped...

[SECURITY] Seyon is vulnerable to a root exploit

Description We have received a report from SGI that a vulnerability has been discovered in the seyon program. This can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability. Since SGI does not provide exploit information, we are unable to fix the...

[SECURITY] New versions of ncurses fixes security problem

We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were releas...