9447 matches found
Solaris 8 libsldap - Local Buffer Overflow (1)
Solaris 8 libsldap - Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...
CVE-2001-1148
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to 1 atcronsh, 2 auditsh, 3 authsh, 4 backupsh, 5 lpsh, 6 sysadm.menu, or 7 termsh...
Дырки в утилитах Unixware (buffer overflow)
Переполнение буфера во многих утилитах Unixware 7.1, включая Sgid bin rtpm, при длинной shell-переменной TERM...
XFree86 X11R6 3.3.2 XMan - ManPath Environment Variable Buffer Overflow
XFree86 X11R6 3.3.2 XMan - ManPath Environment Variable Buffer Overflow source: https://www.securityfocus.com/bid/3030/info xman is a component included with the XFree86 Window System. A buffer overflow in the handling of the MANPATH environment variable by xman makes it possible for a local user...
Solaris 8 mailtool - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2787/info The mailtool program included with OpenWindows in Solaris, contains a buffer overflow vulnerability which may allow local users to execute arbitrary code/commands with group 'mail' privileges. The overflow occurs when a string exceeding...
CVE-2001-0426
CVE-2001-0426 describes a buffer overflow in the dtsession component affecting Solaris (and possibly other OSes) that lets local users gain privileges when a long LANG environment variable is processed. The vulnerability is triggered by excessively long LANG values, leading to privilege escalatio...
CVE-2001-0426
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable...
glibc unsetenv fails to properly handle environment variables passed more than once to a program
Overview The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundently passed to a program. Description The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...
CVE-2001-0170
glibc 2.1.9x and earlier does not properly clear the RESOLVHOSTCONF, HOSTALIASES, or RESOPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files...
CVE-2001-0110
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable...
CVE-2001-0110
CVE-2001-0110 describes a buffer overflow in jazip (Zip/Jaz drive manager) that allows local users to gain root privileges by supplying a long DISPLAY environment variable. OpenVAS/DSA references confirm Debian jazip packages were vulnerable and later fixed; the advisory notes a workaround: the p...
Дырки в различных утилитах под Solaris (buffer overflow)
Классическое переполнение буфера при разборе командной строки и переменных среды окружения...
Solaris ipcs vulnerability
Solaris ipcs vulnerability Release Date: April 11, 2001 Systems Affected: Solaris 7 x86 Other versions of Solaris are most likely affected also. Discovered by: Riley Hassell [email protected] Description: We have discovered a buffer overflow in the /usr/bin/i86/ipcs utility provided with Solaris 7...
Solaris 7.08 - IPCS Timezone Buffer Overflow
Solaris 7.08 - IPCS Timezone Buffer Overflow source: https://www.securityfocus.com/bid/2581/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is designed as a scalable operating system for the Intel x86 and Sun Sparc platforms, and operates on...
SGI IRIX 6.5 Solaris 7.08 CDE - usrdtbindtsession Local Buffer Overflow
SGI IRIX 6.5 Solaris 7.08 CDE - usrdtbindtsession Local Buffer Overflow / source: https://www.securityfocus.com/bid/2603/info The CDE Session Manager 'dtsession' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in dtsession's LANG environment...
SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/2603/info The CDE Session Manager 'dtsession' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in dtsession's LANG environment variable parser. If an overly long LANG variable is set and dtsession is...
Solaris Xsun buffer overflow vulnerability
Solaris Xsun buffer overflow vulnerability Discovered and exploited by: Riley Hassell [email protected] Release Date: April 10, 2001 Systems Affected: Solaris 7/8 x86 and sparc Description: Yet some more Solaris spring cleaning... A buffer overflow was discovered in Xsun. Since Xsun is SUID root,...
Solaris 2.x7.08 - Xsun HOME Buffer Overflow
Solaris 2.x7.08 - Xsun HOME Buffer Overflow // source: https://www.securityfocus.com/bid/2561/info The X11 server that ships with Sun Microsystems' Solaris, Xsun, contains a locally exploitable buffer overflow vulnerability. The condition is present when the value of the HOME environment variable...
Solaris 2.x/7.0/8 - Xsun HOME Buffer Overflow
// source: https://www.securityfocus.com/bid/2561/info The X11 server that ships with Sun Microsystems' Solaris, Xsun, contains a locally exploitable buffer overflow vulnerability. The condition is present when the value of the HOME environment variable is of excessive length more than 1050 bytes...
Possible IE5.0 exposure of local environment variables
I ran across this today, anyone have any thoughts? I'm using a moderately patched IE 5.0 browser on NT 4.0 SP5 workstation. Couldn't find any reference to this in the archives, but maybe it's been covered before. I type in the url www.home.com/computername & press enter, then and IE actually...