EUVD-2004-1388

Malware in sbrugna...

EUVD-2004-1026

Malware in sbrugna...

iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability

iDefense Security Advisory 07.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod...

CVE-2004-1329

The CVE describes an untrusted execution path vulnerability in IBM AIX 5.1–5.3: the diag commands (lsmcode, diag_exec, invscout, invscoutd) can be coerced into running arbitrary code when the DIAGNOSTICS environment variable is modified to reference a malicious Dctrl program. Affected components/...

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod...

CVE-2004-1028

CVE-2004-1028 describes a local privilege-escalation in IBM AIX chcod. The setuid root chcod on AIX 5.1.0/5.2.0/5.3.0 trusts PATH and invokes an external program named “grep.” If a local attacker can place a malicious grep in a directory in PATH and run chcod, arbitrary code could be executed wit...

CVE-2004-1054

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout...