CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

CVE-2019-12522

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leavesuid call. leavesuid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child proces...

VMWare Fusion - Local Privilege Escalation

Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusion 11.0.0 10120384 on macOS 10.14.1 VMware...

Rational Software ClearCase for Unix 3.2 ClearCase SUID Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root.. A 1.5 meg file is copied and then chmod'ed to SUID, and during the...

Oracle 8 oratclsh Suid Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/159/info Oracle8 is an enterprise level database. As part of the Internet Agent option installation process it installs the file $ORACLEHOME/bin/oratclsh as suid root. oratclsh is a TCL application that provides full acce...

GemStone/S 6.3.1 (stoned) Local Buffer Overflow Exploit

Exploit for linux platform in category local exploits ======================================================= GemStone/S 6.3.1 stoned Local Buffer Overflow Exploit ======================================================= / wonderfulcaricatureofexploitability.c AKA GemStone/S 6.3.1 "stoned" Local...

Important: Red Hat Security Advisory: autofs security update

Updated autofs packages are now available to fix a security flaw for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of the automount daemon, which automatically mounts and...

CVE-2005-3546

suid.cgi scripts in F-Secure 1 Internet Gatekeeper for Linux before 2.15.484 and 2 Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege...

suid xman 3.1.6 overflows

xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic overflow [email protected] is noted as the packager of this RPM. I do not know the author. root@linux lib ls -al which xman -rwxr-sr-x 1 root man 41076 Jun 17 1998 /usr/X11R6/bin/xman root@linux lib xman root@linux li...

dump 0.4b15 - Local Privilege Escalation

dump 0.4b15 - Local Privilege Escalation !/bin/sh Redhat 6.2 dump command executes external program with suid priviledge. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember, there's no cure for BSE echo "dump-0.4b15 root exploit" echo "Discovered by Mat " echo...

Problems with cons.saver

Hi, Many systems have a suid on cons.saver which is part of midnight commander package. Standard location of this binary is /usr/lib/mc/bin/cons.saver. There is a bug, which allows luser to write '0' char to any symlinkable file in system. So it can be very destructive, I wrote simple example of...

Rational Software ClearCase for Unix 3.2 - ClearCase SUID

source: https://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root.. A 1.5 meg file is copied and then chmod'ed to SUID, and during the time this file is being copied it c...