Joe Text Editor 2.8 - '.joerc' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools. A problem in the sourcing of the .joerc file could lead ...

CVE-2001-0040

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file...

OpenBSD ftpd 2.62.7 - Remote Overflow

OpenBSD ftpd 2.62.7 - Remote Overflow / h0h0h0 0-day k0d3z Exploit by Scrippie, help by dvorak and jimjones greets to sk8 Not fully developt exploit but it works most of the time ; Things to add: - automatic writeable directory finding - syn-scan option to do mass-scanning - worm capabilities?...

Проблема в apcupsd

Создается открытый на запись файл, в который записывается pid процесса. Это позволяет подменить pid, в результате чего при попытке остановить демон будет убит другой процесс...

StarOffice 5.2 Temporary Dir Vulnerability

Hi, A while back I noticed that StarOffice 5.2 running under Linux and Solaris creates a temporary directory under /tmp with the name "soffice.tmp" with permissions 0777. I figured there had to be some security issue here so I had a further look and noticed that there were files created under her...

CVE-2000-0714

umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files...

CVE-2000-0494

Veritas Volume Manager creates a world writable .serverpids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsaserver script...

CVE-2000-0515

The snmpd.conf configuration file for the SNMP daemon snmpd in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges...

Netscape iCal 2.1 Patch2 - iPlanet iCal iplncal.sh Permissions

Netscape iCal 2.1 Patch2 - iPlanet iCal iplncal.sh Permissions source: https://www.securityfocus.com/bid/1768/info Netscape's iPlanet iCal application is a network based calendar service built for deployment in organizations which require a centralized calendar system. Certain versions of iCal sh...

Дырки в iCal

При установки отключается X-авторизация, кроме того файлы устанавливаются открытыми на запись...

Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions

source: https://www.securityfocus.com/bid/1768/info Netscape's iPlanet iCal application is a network based calendar service built for deployment in organizations which require a centralized calendar system. Certain versions of iCal ship with a vulnerability introduced in the installation process...

CVE-2000-0714

umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files...

GNOME esound 0.2.19 - Unix Domain Socket Race Condition

GNOME esound 0.2.19 - Unix Domain Socket Race Condition source: https://www.securityfocus.com/bid/1659/info EsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware. Versions of esound up to and including 0.2.19 create a...

GNOME esound 0.2.19 - Unix Domain Socket Race Condition

source: https://www.securityfocus.com/bid/1659/info EsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware. Versions of esound up to and including 0.2.19 create a world-writable directory /tmp/.esd which is also used to...

FreeBSD-SA-00:45.esound

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:45 Security Advisory FreeBSD, Inc. Topic: esound port allows file permissions to be modified Category: ports Module: esound Announced: 2000-08-31 Credits: Brian Feldman...

Advisory: mgetty local compromise

Author : Stan Bubrouski Date : August 26, 2000 Package : mgetty Versions affected : 1.1.22, 1.1.21 and prior at least back to 1994 Severity : faxrunqd follows symbolic links when creating certain files. The default location for the files is /var/spool/fax/outgoing, which is a world-writable...

Trustix security advisory - apache-ssl

Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...

Дырка в Apache-ssl из Trustix

Из-за ошибки в скрипте инсталляции часть исполняемых файлов устанавливается открытыми на запись...

FlagShip v4.48.7449 premission vulnerability

Content-Type: premission/vulnerability Date : 09/08/2000 16:05 Sender : Narrow [email protected] Subject : FlagShip v4.48.7449 premission vulnerability X-System : Red Hat 6.0 X-Status : Narrow-ADV-08 DESCRIPTION FlagShip is a cross-platform database development system, fully compatible to Clipper,...

VariCAD 7.0 premission vulnerability

Content-Type: premission/vulnerability Date : 10/08/2000 18:34 Sender : Narrow [email protected] Subject : VariCAD 7.0 premission vulnerability X-System : Red Hat 6.0 X-Status : Narrow-ADV-07 DESCRIPTION VariCAD is a CAD for mechanical engineering for both 2D and 3D. VariCAD 7.0 is shipped with Re...