27 matches found
EUVD-1999-1004
Malware in sbrugna...
Solaris 7.0 /usr/bin/mail -m Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/672/info A buffer overflow vulnerability in the '/usr/bin/mail' program's handling of the '-m' command line argument allows local users to obtain access to the 'mail' group. / Generic Solaris x86 exploit program by Brock...
Sun Solaris 7.0 procfs Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/448/info A nonpriviliged user can crash any 32 or 64 bit non-intel machine running Solaris 7 by executing the following: more /proc/self/psinfo This is due to a bug in the Solaris 7 procfs. %more /proc/self/psinfo crash...
Sun Solaris 7.0 rpc.ttdbserver Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/811/info It is possible to crash rpc.ttdbserver by using the old tddbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with garbage. You cannot make...
Solaris 2.5/2.5.1/2.6/7.0 sadmind Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite applications to perform distribut...
Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2605/info The Kodak Color Management System configuration tool 'kcmsconfigure' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in the KCMSPROFILES environment variable...
CVE-1999-1023
The CVE-1999-1023 entry concerns Solaris 7.0, where the useradd utility does not correctly interpret certain date formats provided to the -e expiration date argument. This incorrect parsing could allow users to log in after their accounts are supposed to expire, per the documented description. No...
Solaris 2.6/7.0 - DTMail Mail Environment Variable Buffer Overflow
// source: https://www.securityfocus.com/bid/3081/info dtmail is an application included with the Common Desktop Environment, one of the X Window Managers included with Solaris. A buffer overflow in dtmail makes it possible for a local user to gain elevated privileges. Due to improper bounds...
Solaris 2.6/7.0 - lp -d Option Buffer Overflow
// source: https://www.securityfocus.com/bid/1143/info A buffer overrun has been discovered in the lp program, as included with Sun's Solaris 7 operating system. By passing well crafted, machine executable code of sufficient length to the -d option of lp, it becomes possible to execute arbitrary...
Solaris 7.0 - DMI Denial of Service
Solaris 7.0 - DMI Denial of Service source: https://www.securityfocus.com/bid/878/info DMI is the Desktop Management Interface, and is a suite of application management programs shipped with Sun's Solaris. Each application that is managed through DMI has a MIF record which contains information...
Solaris 7.0 - CDE dtmailmailtool Buffer Overflow
Solaris 7.0 - CDE dtmailmailtool Buffer Overflow // source: https://www.securityfocus.com/bid/832/info here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type...
Solaris 7.0 - kcms_configure Local Overflow Local Privilege Escalation
Solaris 7.0 - kcmsconfigure Local Overflow Local Privilege Escalation / source: https://www.securityfocus.com/bid/831/info The binary kcmsconfigure, part of the Kodak Color Management System package shipped with OpenWindows and ultimately, Solaris is vulnerable to a local buffer overflow. The...
Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/831/info The binary kcmsconfigure, part of the Kodak Color Management System package shipped with OpenWindows and ultimately, Solaris is vulnerable to a local buffer overflow. The buffer which the contents of the environment variable NETPATH are copied...
Solaris 7.0 - CDE dtmail/mailtool Buffer Overflow
// source: https://www.securityfocus.com/bid/832/info here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type: field, which would look something like this:...
Common Desktop Environment 2.1 20 Solaris 7.0 - dtspcd Local Privilege Escalation
Common Desktop Environment 2.1 20 Solaris 7.0 - dtspcd Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this...
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Local Privilege Escalation
!/bin/sh source: https://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this vulnerability entry. The CDE subprocess daemon /usr/dt/bin/dtspcd contains an...
Solaris 7.0 usrbinmail - -m Local Buffer Overflow
Solaris 7.0 usrbinmail - -m Local Buffer Overflow // source: https://www.securityfocus.com/bid/672/info A buffer overflow vulnerability in the '/usr/bin/mail' program's handling of the '-m' command line argument allows local users to obtain access to the 'mail' group. / Generic Solaris x86 exploi...
Solaris 7.0 /usr/bin/mail - '-m' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/672/info A buffer overflow vulnerability in the '/usr/bin/mail' program's handling of the '-m' command line argument allows local users to obtain access to the 'mail' group. / Generic Solaris x86 exploit program by Brock Tellier For use against any x86...
CVE-1999-1023
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" expiration date argument, which could allow users to login after their accounts have expired...
Sun Solaris 7.0 - usrdtbindtprintinfo Local Buffer Overflow
Sun Solaris 7.0 - usrdtbindtprintinfo Local Buffer Overflow / source: https://www.securityfocus.com/bid/249/info The dtprintinfo is a setuid commands open the CDE Print Manager window. A stack based buffer overflow in the handling of the "-p" option allow the execution of arbitrary code as root...