16 matches found
EUVD-2001-0095
Malware in sbrugna...
EUVD-2003-0087
Malware in sbrugna...
SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit
No description provided by source. #!/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurely. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to watch the process list for the...
CVE-1999-1014
The CVE-1999-1014 entry concerns Solaris 2.7 mail command with a buffer overflow when processing a long -m argument. The affected component is the mail command; root cause is a buffer overflow that enables local privilege escalation. The description consistently states that local users can gain p...
CVE-2001-0095
Catman in Solaris 2.7/2.8 creates insecure temporary files with predictable names in world-writable /tmp, enabling local users to perform a symlink attack to overwrite arbitrary files. The root cause is predictable temp-file naming and symlink handling when run as root. Impact is local privilege ...
CVE-2001-0548
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable...
CHINANSL Security Advisory(CSA-200107)
Topic: IBM WCS 4.0.1 + Application Server 3.0.2 for Solaris 2.7 show ".jsp" source Vulnerability. vulnerable: Solaris 2.7 + IBM WCS4.0,Application Server 3.0.2 discussion: follow URL insert "/" will be downloading ".jsp" source. exploits: http://target/index.jsp/ solution: to...
ISC BIND 8.2.x - TSIG Remote Stack Overflow (3)
ISC BIND 8.2.x - TSIG Remote Stack Overflow 3 / copyright LAST STAGE OF DELIRIUM feb 2001 poland ://lsd-pl.net/ / / bind 8.2 8.2.1 8.2.2 8.2.2-PX Solaris 2.7 x86 / / The code establishes a TCP connection with port 53 of a target system. / / It makes use of the "infoleek" bug through UDP to obtain...
CVE-2001-0095
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the smanPID temporary file...
Solaris /usr/bin/cu Vulnerability
Description The /usr/bin/cu command contains a buffer overflow; the problem occurs when it copies its own name argv0 to an internal variable without checking its length and this causes the overflow. Vulnerable Versions Sun Solaris 2.4 Sun Solaris 2.5 Sun Solaris 2.5.1 Sun Solaris 2.6 Sun Solari...
catman-race.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Solaris 2.7/2.8 catman temp file vulnerability. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 11242000-02 Risk: Low Title: catman temp file vulnerability. Class: Design Error Remotely Exploitable: no Locally Exploitable: Yes...
solaris_bof.txt
Subject: Solaris 2.7 /usr/bin/mail To: [email protected] Greetings, There is a possible buffer overflow vulnerability in Solaris 2.7's sgid mail /usr/bin/mail. The reason it's only a possibility and not a full-blown exploit is that mail drops sgid privs before the overflow occurs. However ...
CVE-1999-1014
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument...
solaris-2.7-finger-bounce.txt
Date: Sat, 26 Dec 1998 20:08:38 -0500 From: spoon To: [email protected] Subject: lame old finger bounce bug still exists in sparc 2.7 Hi, while beating on solaris today I found this... Yeah and finger is still enabled in inetd.conf by default in solaris 2.7. surprised this still exists... shrug...
Solaris 2.67.08 - netpr Local Buffer Overflow (1)
Solaris 2.67.08 - netpr Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have be...
Solaris 2.67.08 - netpr Local Buffer Overflow (2)
Solaris 2.67.08 - netpr Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have be...