CVE-2005-0134

The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets...

CVE-2005-1632

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

CVE-2005-1632

CVE-2005-1632 affects Cheetah 0.9.15 and 0.9.16. The root cause is that the runtime searches /tmp for modules before honoring PYTHONPATH, enabling a local attacker to execute arbitrary code via a malicious module placed in /tmp/. The linked Red Hat and Debian trackers echo this same issue. No exp...

[Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling

MySQL mysqlinstalldb data manipulation vendor: http://www.mysql.com advisory: http://www.zataz.net/adviso/mysql-05172005.txt vendor informed: yes exploit available:no MySQL contain a security flaw how could allow a malicious local attacker to inject arbitrary SQL commands during database creation...

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

HP-UX PHCO_29697 : HP-UX Running shar(1), Local Execution of Arbitrary Code (HPSBUX00304 SSRT3639 rev.2)

s700800 11.04 VVOS shar1 cumulative patch : shar1 creates tmp files insecurely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO29697. The text itself is copyright C Hewlett-Packard Development Company, L.P...

freebsd/x86 execve /tmp/sh 34 bytes

No description provided by source. / FreeBSD shellcode - execve /tmp/sh Claes M. Nyberg 20020120 [email protected], [email protected] / / void main asm" xorl %eax, %eax eax = 0 pushl %eax string ends with NULL pushl $0x68732f2f push 'hs//' //sh pushl $0x706d742f push 'pmt/' /tmp movl %esp...

os-x/PPC create /tmp/suid 122 bytes

No description provided by source. / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd" "\x7f\xe8\x02\xa6\x39\x1f\x01\x71" "\x39\x08\xfe\xf4\x7c\xa8\x29\xae" "\x38\x7f\x01\x68\x38\x63\xfe\xf4"...

freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes

freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes. Shellcode exploit for freebsdx86 platform / FreeBSD shellcode chown"/tmp/sh", 0, 0; chmod"/tmp/sh", 06755; 44 bytes Claes M. Nyberg 20020209 , / / void mainvoid asm" xor %eax, %eax eax = 0 pushl %eax string ends with NULL pushl...

freebsd/x86 - execve /tmp/sh 34 bytes

freebsd/x86 execve /tmp/sh 34 bytes. Shellcode exploit for freebsdx86 platform / FreeBSD shellcode - execve /tmp/sh Claes M. Nyberg 20020120 , / / void main asm" xorl %eax, %eax eax = 0 pushl %eax string ends with NULL pushl $0x68732f2f push 'hs//' //sh pushl $0x706d742f push 'pmt/' /tmp movl %es...

GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage

The remote host is affected by the vulnerability described in GLSA-200404-01 Insecure sandbox temporary lockfile vulnerabilities in Portage A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be...

PT-2004-1421 · Ca · Etrust Inoculateit

Name of the Vulnerable Software and Affected Versions: eTrust InoculateIT for Linux version 6.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on files in /tmp, specifically through the inoregupdate, uniftest, or unimove scripts. Recommendations: For...

HP-UX shar utility creates files with predictable names in "/tmp" directory

Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...

OpenServer 5.0.5 : Insecure creation of files in /tmp

To: [email protected] [email protected] [email protected] etsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.5 : Insecure creation of files in /tmp Advisory number: CSSA-2003-SCO.27 Issue date: 2003 October 20 Cross...

DEBIAN-CVE-2003-0136

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file...

CVE-2002-0377

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files...

Matlab /tmp usage

INTRODUCTION MATLAB is "The Language of Technical Computing" http://www.mathworks.com/ PROBLEM As installed on UNIX machines, matlab uses shell scripts to launch; these scripts use files in /tmp in an unsafe way. DETAILS The matlab script uses /tmp/$$a and may clobber it, allowing an attacker to...

CVE-2002-0141

Maelstrom GPL 3.0.1 is affected by CVE-2002-0141: a local user can overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. Root cause is a symlink race condition. The provided documents describe the vulnerability but do not include a remediation or patched vers...

cvs recompiled against updated zlib + /tmp fix

New cvs packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 17:54:12 PST 2002 patches/packages/cvs.tgz: Patched to link to the shared zlib on the system instead of statically linking to the included zlib...

CVE-2001-1012

CVE-2001-1012 affects the screen utility prior to version 3.9.10. The issue is described as a multi-attach error that allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. The connected sources confirm the affected component and the local-privilege escalatio...