15 matches found
CVE-2026-22454
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection. This issue affects Solaris: from n/a through <= 2.5...
Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2605/info The Kodak Color Management System configuration tool 'kcms_configure' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in the KCMS_PROFILES environment variable...
Solaris 2.5 / 2.5.1 getgrnam() Local Overflow Exploit
No description provided by source. include stdio.h include sys/types.h / getgrnam function overflow. works against Solaris 2.5/2.5.1 SPARC default offset should work. Pablo Sor, Buenos Aires, Argentina. [email protected] / uchar shell =...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
No description provided by source. ---------------------------- file newpass.c ------------------------------- include stdio.h include syslog.h define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc 10 args0=hiddenpasswd;...
Kcms Profile Server
The Kodak Color Management System service is running. The KCMS service on Solaris 2.5 could allow a local user to write to arbitrary files and gain root access. This warning may be a false positive since the presence of the bug has not been tested. Patches: 107337-02 SunOS 5.7 has been released a...
Kcms Profile Server
The Kodak Color Management System service is running. The KCMS service on Solaris 2.5 could allow a local user to write to arbitrary files and gain root access. Patches: 107337-02 SunOS 5.7 has been released and the following should be out soon: 111400-01 SunOS 5.8, 111401-01 SunOS 5.8x86...
CVE-2002-0089
The CVE-2002-0089 issue affects Sun Solaris admintool across Solaris 2.5 through 8 (SPARC/x86). The vulnerability is a buffer overflow in admintool triggered by long strings in two input vectors: (1) the -d command line option and (2) the PRODVERS variable in the .cdtoc file. This can allow a loc...
CVE-1999-1026
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file...
CVE-1999-1026
CVE-1999-1026 affects aspppd on Solaris 2.5 x86. The vulnerability arises from a symlink attack on the temporary file /tmp/.asppp.fifo, enabling local users to modify arbitrary files and escalate to root privileges. Exploitation details are not provided beyond the described symlink surface, and t...
CVE-1999-1295
Transarc DCE Distributed File System DFS 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS...
CVE-1999-1158
CVE-1999-1158 describes a buffer overflow in Solaris PAM (versions 2.5.1/2.5) and unix_scheme (Solaris 2.3/2.4) that lets local users gain root privileges through programs that use these modules (e.g., passwd, yppasswd, nispasswd). The root cause is a buffer overflow in the affected modules, enab...
Solaris /usr/bin/cu Vulnerability
Description: The /usr/bin/cu command contains a buffer overflow. The problem occurs when it copies its own name (argv[0]) to an internal variable without checking its length, which causes the overflow. Vulnerable Versions: Sun Solaris 2.4, Sun Solaris 2.5, Sun Solaris 2.5.1, Sun Solaris 2.6, Sun Solari...
Solaris 2.5/2.5.1 - 'getgrnam()' Local Overflow
include include / getgrnam function overflow. works against Solaris 2.5/2.5.1 SPARC default offset should work. Pablo Sor, Buenos Aires, Argentina. [email protected] / uchar shell = "\x82\x10\x20\xca\xa6\x1c\xc0\x13\x90\x0c\xc0\x13\x92\x0c\xc0\x13"...
Old getgrnam() Solaris 2.5 vulnerability
Hi. Old versions of Solaris, 2.5/2.5.1 without patch, contain an exploitable buffer overflow in the getgrnam libc function. Sorry if this is already known; it seems an old problem, but I failed searching for it in the bugtraq archives. This vulnerability may be used in the newgrp command. Bye, Pablo Sor...
rpc_exploit.txt
Subject: Re: Exploit of rpc.cmsd To: [email protected] Hi, everybody! The calendar manager rpc.cmsd on Solaris 2.5 and 2.5.1 is vulnerable to a buffer overflow attack... ... Shall we have a look? Let's 'cmlookup -c [email protected]' and simultaneously 'truss -p on 2.6.host:...