19 matches found
EUVD-1999-1400
Malware in sbrugna...
Solaris <= 7.0 Coredump Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/296/info There is a vulnerability in the way Solaris 2.4 pre Jumbo Kernel Patch -35 for SPARC dumps core files. Under normal operation the operating system writes out a core image of a process when it is terminated due to...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
No description provided by source. ---------------------------- file newpass.c ------------------------------- include stdio.h include syslog.h define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc 10 args0=hiddenpasswd;...
CVE-1999-1419
CVE-1999-1419 describes a buffer overflow in the nss_nisplus.so.1 library used by NIS+ on Solaris 2.3 and 2.4, enabling local users to gain root privileges. The provided documents do not include patch versions or remediation steps. No exploitation details are provided.
CVE-1999-1432
CVE-1999-1432 affects Solaris Powermanagement on Solaris 2.4–2.6; the xlock authentication process does not start until after sys-suspend finishes, allowing a physically proximate attacker to type into the last active application during the restore window and potentially gain higher privileges. A...
CVE-1999-1419
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges...
CVE-1999-1295
Transarc DCE Distributed File System DFS 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
CVE-1999-1413
Solaris 2.4 prior to kernel jumbo patch -35 is vulnerable. Set-gid programs can dump core even if the real user is not in the set-gid group, enabling local privilege escalation through a core dump (e.g., via dmesg). The connected documents confirm the vulnerability details; ...
CVE-1999-1158
CVE-1999-1158 describes a buffer overflow in Solaris PAM (versions 2.5.1/2.5) and unix_scheme (Solaris 2.3/2.4) that lets local users gain root privileges through programs that use these modules (e.g., passwd, yppasswd, nispasswd). The root cause is a buffer overflow in the affected modules, enab...
Solaris /usr/bin/cu Vulnerability
Description: The /usr/bin/cu command contains a buffer overflow. The problem occurs when it copies its own name (argv[0]) to an internal variable without checking its length, which causes the overflow. Vulnerable Versions: Sun Solaris 2.4, Sun Solaris 2.5, Sun Solaris 2.5.1, Sun Solaris 2.6, Sun Solari...
Solaris 2.4 passwd / yppasswd / nispasswd - Local Overflow
---------------------------- file newpass.c ------------------------------- include include define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc MAXLENGTH printf"You reached the maximum length in args\n"; exit0; else...
Solaris 2.4 passwd yppasswd nispasswd - Local Overflow
Solaris 2.4 passwd yppasswd nispasswd - Local Overflow ---------------------------- file newpass.c ------------------------------- include include define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc MAXLENGTH printf"You...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
Exploit for solaris platform in category local exploits ============================================================= Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits ============================================================= ---------------------------- file newpass.c...
Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow
--------------------------- lion24.c --------------------------------- / Solaris 2.4 / include include include include define BUFLENGTH 264 define EXTRA 36 define STACKOFFSET -56 define SPARCNOP 0xa61cc013 uchar sparcshellcode = "\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e\x2f\x0b\xda\xdc\xae\x15\xe3\x68"...
Solaris 2.4 /bin/fdformat Local Buffer Overflow Exploits
Exploit for solaris platform in category local exploits ======================================================== Solaris 2.4 /bin/fdformat Local Buffer Overflow Exploits ======================================================== --------------------------- lion24.c ---------------------------------...
CVE-1999-1413
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...
Solaris 7.0 - Coredump File Write
Solaris 7.0 - Coredump File Write source: https://www.securityfocus.com/bid/296/info There is a vulnerability in the way Solaris 2.4 pre Jumbo Kernel Patch -35 for SPARC dumps core files. Under normal operation the operating system writes out a core image of a process when it is terminated due to...