
Explore Vulnerabilities


Explore all Exploits:

SGI Irix rmail Utility Arbitrary Command Execution Vulnerability

The rmail utility included in the SGI Irix operating system is vulnerable to arbitrary command execution. The vulnerability is caused by a lack of input validation on the contents of an environment variable. An attacker can exploit it to execute arbitrary commands with the privileges of the mail group (gid mail). The rmail utility is commonly used together with uucp.

pset utility Buffer Overflow

The pset utility, as shipped by SGI with Irix 5.x and 6.x through 6.3, contains a buffer overflow that can allow any user on the system to execute arbitrary code on the machine as root. Pset is used to configure and administer processor groups on multiprocessor systems. By supplying a well-crafted, overly long buffer as an argument, the return address on the stack is overwritten, allowing an attacker to execute code other than what was intended.

URL Hunter buffer overflow DEP Bypass

This exploit takes advantage of a buffer overflow vulnerability in Mini-stream Software's URL Hunter and bypasses the DEP (Data Execution Prevention) protection mechanism. The exploit code allows an attacker to execute arbitrary code by overwriting the return address so that execution is redirected to shellcode. The shellcode calls the MessageBoxA function to display the message 'PWNED by Ayrbyte...! ^_^'.

Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow Remote Code Execution (2012)

This module exploits a stack buffer overflow in iTunes 10.4.0.80 through 10.6.1.7. When opening an extended .m3u file containing an '#EXTINF:' tag description, iTunes copies the content following '#EXTINF:' from a heap buffer to a stack buffer without appropriate length checking and writes beyond the stack buffer's boundary. This allows arbitrary code execution. The Windows XP target must have QuickTime 7.7.2 installed for this module to work. It uses a ROP chain from a DLL compiled without SafeSEH to bypass DEP and SafeSEH. The stack cookie check is bypassed by triggering an SEH exception.

Klogd Denial of Service Vulnerability

It is possible to cause a denial of service (remote and local) by generating old, obscure kernel messages (not terminated with ) in klogd. The problem is a buffer overflow in klogd's handling of kernel messages. It is also possible to gain local root access by stuffing shellcode into printk() messages that contain user-controllable values (e.g., filenames). What makes this problem strange, however, is that it was fixed two years ago. Two of the most mainstream Linux distributions (Slackware Linux and RedHat Linux) were, until recently, known to have been shipping the very old vulnerable version. Fixes and updates were released promptly. There is no data on other distributions.
