iDEFENSE Security Advisory 08.02.04: Netscape version 7.0, 7.1, and Mozilla 1.6 are susceptible to a SOAPParameter constructor integer overflow vulnerability that can allow for arbitrary code execution running in the context of the user running the browser.
88413467e44183e31e567dec2fc2a3d60529654bdf33627a4cbbcf7719b47e98iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.
e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577iEasy Software Products' Common Unix Printing System (CUPS) vCUPS-1.1.14-5 to 1.1.17 contains an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS/X 10.2.2.
7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8iDEFENSE Security Advisory 10.03.2002 - Apache v1.3 before 1.3.27 contains a vulnerability in its shared memory scoreboard which allows attackers who can execute commands under the Apache UID to either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack.
1b8f434591124f806dbac5b6052e75154ad5df6e848f041cf4b42f88cb0d8f31iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods both of which are detailed. Patch available here.
e1968987be598ce21fb8b01554f9dd70ecddae77782675c6591f723f39c2dab1iDEFENSE Security Advisory 09.26.2002 - A buffer overflow has been found in gv v3.5. Some mail readers use GV to view pdf's. Other programs that utilize derivatives of gv, such as ggv or kghostview, may also be vulnerable in similar ways.
6e40ecf0cfebaaf7f097fc7f92ba1a5e5282232ee987360efc0149e83a106f35Buffer overflow exploit for gv v3.5.8 on linux which creates the file /tmp/itworked when gv opens the PDF. Some mail readers use GV to view pdf's. Tested on Red Hat 7.3.
17584573625605cf365839d42b6249b81ab8189d3e8207c905c43574b0b985efAttn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.
68cf6e7dc2b3afc0aa47e66d705351d8b032f2fac0afda3d0b705506d8468181Wu-Ftpd v2.6.1 and below remote root exploit which takes advantage of the SITE EXEC globbing vulnerability. Includes instructions on finding the offset with gdb.
f36854f1f5c3e1528c3b6966411d9d8995bb5081ba3c3e750ff7c8507aa3372cProof of concept netkit-0.17-7 local root exploit. Exploits buffer overflow in the AYT handling of in.telnetd, due to bad logic in the handling of snprintf().
07af0ba46d6de20ca342e399bb7aa78397e7c268f742d6e103c05772650f39daPic / LPRng format string remote exploit. Pic is part of the groff package. It is used by troff-to-ps.fpi as uid lp when perl, troff and LPRng are installed. Tested against Redhat 7.0 (groff-1.16-7).
7f88ccf027b5e0d7c51b9f01279051f34a9d4df2f8d1ae6ccce5a1fbec9db7ffSlackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man.
0fb25cf68a4fba71eceef2ca23db4efbe592af7e1416b2d13051e5e4b6990a46Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here.
7c5e9b0f582f8b9f8069d43e9559a992dd4b582e20d60a2d78d0443ffbdce520Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger.
071f4a1a2ce57b1bfa0e3867ce11912d46f52d364d1efbfd8b9ae3b75029765bLpr lpr-0.50-4 and below contains vulnerabilities which allow local users to access other accounts, and sometimes root.
6ab9815eb4979f4f020da0a0b9a0978875d632bc2a0951630c7aef34b390f59a/usr/sbin/userhelper / kbdrate local root exploit - works only at console. Works well for people you know.
f306e4b3197582d95675db9964fb45bc371416bf6ee9795a7888f293e8872bc3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed