
Explore Vulnerabilities

at Heap Corruption Vulnerability

at is a freely available, open source job scheduler package. It is included with various Unix and Linux operating systems and is maintained as public domain software. Under some circumstances, at does not correctly handle time input. A local user who schedules a task from the command line using a maliciously crafted time format can cause heap corruption in at. Because the at program is installed setuid root in most implementations, this could result in the execution of arbitrary code with administrative privileges.

Sudo Environment Variable Exploit

Under some circumstances, sudo does not properly sanitize the environment it executes programs with. In the event that sudo is used to run a program such as an MTA with root privileges, this could result in a local user passing unsafe data to the program via environment variables. From these environment variables the user may be able to execute commands as root, and potentially gain elevated privileges.

Imlib2 Buffer Overflow Vulnerability

Imlib2 is a freely available, open source graphics library for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating systems and linked with graphical programs such as Eterm. Some programs linked with the library are setuid, such as Eterm, which is a setuid utmp program. In some cases, a buffer overflow via the $HOME environment variable may occur, such as when the $HOME environment variable is filled with 4128 bytes and Eterm is executed. This can allow a local user to overwrite stack variables up through the return address and execute arbitrary code. As the Eterm program is setgid utmp, this code would be executed with utmp privileges.

John Roy Pi3Web Buffer Overflow Vulnerability

Due to a buffer overflow vulnerability in the John Roy Pi3Web web server, it is possible for an attacker to cause the server to stop responding and possibly execute code. Reportedly the problem is due to the CGI parameter handling of unusually crafted requests.

CDRDAO Local Root Exploit

CDRDAO is a freely available, open source CD recording software package for the Unix and Linux operating systems. When CDRDAO saves its configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user to execute commands as root.

CDRDAO Configuration File Overwrite Vulnerability

CDRDAO is a freely available, open source CD recording software package for the Unix and Linux operating systems. When CDRDAO saves its configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user to execute commands as root.

FreeWnn 1.1.0 Command Execution Vulnerability

FreeWnn 1.1.0 is a kana-kanji (Japanese) translation system. This software is a client-server application, with the jserver portion acting as a server and performing translations for clients. The jserver component passes unsanitized input from the client via the JS_MKDIR command to a system() library call, allowing arbitrary command execution using the semicolon ';' command-separation metacharacter. Commands sent in this manner will be executed at the privilege level of the jserver process.

Snort ICMP Packet Crash

Snort is a network intrusion detection system (IDS) that is vulnerable to a maliciously constructed ICMP packet. If such a packet is received, the daemon will crash and require a restart to regain normal functionality. The crash can be triggered by a ping packet with a size of 1 byte.

CacheOS Firmware Vulnerability

When a user connects to the system via the web administration interface on port 8081 and issues a standard-compliant HTTP request, the system prevents the user from accessing any information managed by the cache server. However, a user who connects to the system and repeatedly issues a request without the HTTP version field (i.e. HTTP/1.0 or HTTP/1.1) may gain access to sensitive information. The cache server will leak information such as parts of URLs being accessed by clients currently connected to the cache server.