177 matches found
Samba < 3.0.37 / 3.2.15 / 3.3.8 / 3.4.2 Multiple Vulnerabilities
Binary data 5194.prm...
Information disclosure by setuid mount.cifs
Description The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug
!/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/ http://lab.mediaservice.net/ DON'T RUN THIS UNLESS YOU KNOW...
IBM AIX libC XL C++运行时库本地权限提升漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的XL C++运行时库的调试组件没有正确地处理LIBINITDBG和LIBINITDBGFILE环境变量,本地用户可以通过链接到XL C++运行时库的setuid root程序创建属于root的任意可写文件。 AIX 5.3中受影响的库是/usr/lpp/xlC/lib/libC.a,AIX 6.1中受影响的库是/usr/ccs/lib/libc.a和/usr/ccs/lib/libp/libc.a。 IBM AIX 6.1 IBM AIX 5.3 厂商补丁: IBM ---...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...
CVE-2007-5964
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 5, omits the nosuid option for the hosts /net filesystem map, which allows local users to gain privileges via a setuid program on a remote NFS server...
Default configuration
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 5, omits the nosuid option for the hosts /net filesystem map, which allows local users to gain privileges via a setuid program on a remote NFS server...
CVE-2007-5964
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 5, omits the nosuid option for the hosts /net filesystem map, which allows local users to gain privileges via a setuid program on a remote NFS server...
CVE-2007-5964
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 5, omits the nosuid option for the hosts /net filesystem map, which allows local users to gain privileges via a setuid program on a remote NFS server...
CVE-2007-3749
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...
Code injection
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...
CVE-2007-3749
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...
CVE-2007-0394
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
CVE-2007-0393
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572...
Solaris 10 libnspr LD_PRELOAD Arbitrary File Creation Local Root Exploit
No description provided by source. !/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LDPRELOAD exploit Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as include...
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)
!/bin/sh $Id: raptorlibnspr3,v 1.1 2006/10/24 15:54:57 raptor Exp $ raptorlibnspr3 - Solaris 10 libnspr constructor exploit Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to...
Solaris 10 libnspr - Constructor Arbitrary File Creation Privilege Escalation (3)
Solaris 10 libnspr - Constructor Arbitrary File Creation Privilege Escalation 3 !/bin/sh $Id: raptorlibnspr3,v 1.1 2006/10/24 15:54:57 raptor Exp $ raptorlibnspr3 - Solaris 10 libnspr constructor exploit Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)
source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this issue allows an attacker to gain superuser privileges, completely compromising the...