6277 matches found
cron_root_patch.txt
Subject: Vixie Cron version 3.0pl1 vulnerable to root exploit To: [email protected] Vixie Cron version 3.0pl1 vulne.ems Content-Type: text/plain; charset=us-ascii PGP Signature Status: unknown Signer: Unknown, Key ID xAE8F7CF5 Signed: 8/28/99 11:42:41 PM Verified: 9/22/99 1:44:11 AM BEGIN...
VMWare_exploit.txt
Subject: Re: VMWare Advisory.. - exploit To: [email protected] / VMware v1.0.1 root sploit funkySh 02/07/99 1. Redhat 5.2 2.2.9 offset 800-1100 2. offset 1600-2200 1. Slackware 3.6 2.2.9 offset 0 2. offset ? 1 - started from xterm on localhost 2 - started from telnet, with valid display /...
slackdb.txt
Date: Thu, 16 Jul 1998 09:22:40 +0200 From: Martin Bene Subject: Berkley DB problem in slackware distribution Hi! I recently ran into a potential problem with berkley db 1.85 as distributed with all versions of slackware linux: fixed in slackware 3.5 as of 07.14.98 libdb.so.1.85.4 defines snprint...
rxvt.sh
There is a major security hole in rxvt, a terminal emulator for X, when it is run on systems suid root, as is required on many configurations in order to write to the utmp file. It is obvious from the code that this program was not written to be run suid root, its a pity that sysadmins that insta...
SuSE Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service
// source: https://www.securityfocus.com/bid/587/info In the inetd.conf under certain distributions of SuSE Linux the in.identd daemon is started with the -w -t120 option. This means that one identd process waits 120 seconds after answering the first request to answer the next request. If a...
SuSE Linux 6.2 Slackware Linux 3.23.6 - identd Denial of Service
SuSE Linux 6.2 Slackware Linux 3.23.6 - identd Denial of Service // source: https://www.securityfocus.com/bid/587/info In the inetd.conf under certain distributions of SuSE Linux the in.identd daemon is started with the -w -t120 option. This means that one identd process waits 120 seconds after...
mailx 8.1.1-10 (BSDSlackware) - Local Buffer Overflow (2)
mailx 8.1.1-10 BSDSlackware - Local Buffer Overflow 2 / source: https://www.securityfocus.com/bid/1305/info Some Linux distributions ship with BSD mailx 8.1.1-10 On Slackware 7.x it can be found as /usr/bin/Mail. A vulnerability exists in the 'mail' program, part of the Berkeley mailx package. Th...
CVE-1999-0421
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password...
RedHat Linux 5.05.15.2 Slackware Linux 3.5 - klogd Local Buffer Overflow (1)
RedHat Linux 5.05.15.2 Slackware Linux 3.5 - klogd Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because...
RedHat Linux 5.05.15.2 Slackware Linux 3.5 - klogd Local Buffer Overflow (2)
RedHat Linux 5.05.15.2 Slackware Linux 3.5 - klogd Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because...
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is...
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is...
CVE-1999-1422
The default configuration of Slackware 3.4, and possibly other versions, includes . dot, the current directory in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users...
CVE-1999-1434
login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server...
Slackware Linux 3.5 - '/etc/group' Local Privilege Escalation
source: https://www.securityfocus.com/bid/155/info Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This will allow them unrestricted acce...
Slackware Linux 3.5 - etcgroup Local Privilege Escalation
Slackware Linux 3.5 - etcgroup Local Privilege Escalation source: https://www.securityfocus.com/bid/155/info Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be...
CVE-1999-1498
Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file...
Slackware Linux 3.4 - pkgtool Temporary File
Slackware Linux 3.4 - pkgtool Temporary File source: https://www.securityfocus.com/bid/82/info pkgtool creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clober the...
Slackware Linux 3.4 - 'makebootdisk' Temporary File
source: https://www.securityfocus.com/bid/78/info makebootdisk creates the file /tmp/return insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/return to any file and wait for root to run the program. This will clober the target file. The file created has...
Slackware Linux 3.4 - 'netconfig' Temporary File
source: https://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober the target file. The file created has...