qpopper -- multiple privilege escalation vulnerabilities

Jens Steube reports that qpopper is vulnerable to a privilege escalation vulnerability. qpopper does not properly drop root privileges so that user supplied configuration and trace files can be processed with root privileges. This could allow a local attacker to create or modify arbitrary files...

Qpopper: Multiple Vulnerabilities

Background Qpopper is a widely used server for the POP3 protocol. Description Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users CAN-2005-1151. The upstream developers discovered that Qpopper can be forced to create group or world writeable files...

USN-75-1: cpio vulnerability

Recently it was discovered that cpio created world-writeable files when used in -o/--create mode with giving an output file with -O. This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed ...

GLSA-200410-10 : gettext: Insecure temporary file handling

The remote host is affected by the vulnerability described in GLSA-200410-10 gettext: Insecure temporary file handling gettext insecurely creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files...

php -- vulnerability in RFC 1867 file upload processing

Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $FILES element name contains an underscore...

CVE-2003-0150

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...

CVE-2003-0150

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...

MySQL allows default user to be changed to root via custom "my.cnf" file

Overview MySQL reads configuration options from world-writeable files. This can lead to a remote user gaining elevated privileges. Description A message posted to the bugtraq mailing list details a vulnerability affecting versions of MySQL prior to 3.23.56. MySQL would permit users with 'FILE'...

Sun Cobalt RaQ 4.0 - Predictable Temporary Filename Symbolic Link Attack

Sun Cobalt RaQ 4.0 - Predictable Temporary Filename Symbolic Link Attack source: https://www.securityfocus.com/bid/5529/info A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which ...

SSH2 3.0 - Restricted Shell Escape (Command Execution)

source: https://www.securityfocus.com/bid/4547/info SSH and derivatives is the protocol Secure Shell protocol implementation. It is available for various operating systems, although this vulnerability affects operating systems such as Unix and Linux. It has been reported that it is possible for a...

SSH2 3.0 - Restricted Shell Escape (Command Execution)

SSH2 3.0 - Restricted Shell Escape Command Execution source: https://www.securityfocus.com/bid/4547/info SSH and derivatives is the protocol Secure Shell protocol implementation. It is available for various operating systems, although this vulnerability affects operating systems such as Unix and...

CVE-2001-0859

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions...

[ Hackerslab bug_paper ] Xkas application vulnerability

============================================================================= Hackerslab bugpaper Xkas application vulnerability ============================================================================= File : /usr/etc/appletalk/xkas application SYSTEM : tested irix 6.5 INFO : Xkas is a serve...

CVE-2001-0859

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions...

varitas.solaris.txt

Summary ------- Veritas Volume Manager 3.0.x for Solaris contains a security hole which can, under specific circumstances, allow local users to gain root access. Details ------- When a system with Veritas Volume Manger 3.0.x installed boots, the initialization script for the Storage Administrator...

CVE-1999-1350

CVE-1999-1350 relates to ARCAD Systemhaus 0.078-5, where critical programs and files were installed with world-writeable permissions. This local issue could let an unprivileged user gain privileges by replacing a legitimate program with a Trojan horse. The available sources describe the vulnerabi...

CVE-1999-1350

ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse...

CVE-1999-1071

Excite for Web Servers EWS 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file...

CVE-1999-1460

BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program...

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...