| |
[[-irix
6.2-]] |
|
| |
| [-local-] |
[-description-] |
[-author-] |
| addnetpr.sh |
addnetpr race condition |
jaechul choe |
| at |
users can mail themselves
/etc/shadow |
j.a. gutierrez |
| cdplayer |
race conditions allow
local root shell |
unknown |
| crazymonkey.sh |
users can save a rootshell
into /tmp |
loneguard |
| csetup |
csetup follows symlinks,
allows local root exploit |
jay |
| daynotify.sh |
bad/insecure execve()
call |
mike neuman |
| df.c / df2.c
/ df3.c |
command line parsing
buffer overflow |
[multiple] |
| dmplay.c |
command line parsing
buffer overflow |
lsd |
| dp.c |
command line parsing
buffer overflow |
dcrh |
| dutman.c |
unchecked argument control
exploit |
unknown |
| eject.c / eject2.c
/ eject3.c |
command line parsing
buffer overflow |
[multiple] |
| gmemusage.sh |
gmemusage libc system()
function vulnerability |
lsd |
| gr_osview.c |
-D command line parsing
buffer overflow |
lsd |
| libc.c |
libc.so library NLSPATH
environment buffer overflow |
lsd |
| libgl.c |
libgl.so library HOME
environment buffer overflow |
lsd |
| libxaw.c |
libXaw.so library X
environment buffer overflow |
lsd |
| libxt.c / libxt2.c |
libXt.so library buffer
overflow vulnerability |
lsd |
| login.c |
command line parsing
buffer overflow |
lsd |
| mail.c |
mail LOGNAME environment
buffer overflow |
lsd |
| netprint |
bad system() call allows
priveledge lp gain |
yuri volobuev |
| ordist.c |
command line parsing
buffer overflow |
lsd |
| perm.c |
permissions enviroment
overflow |
dcrh |
| permissions.c |
command line parsing
buffer overflow |
lsd |
| printers.c |
-xrm argument overflow |
dcrh |
| pset.c / pset2.c |
pset -s argument overflow |
[multiple] |
| rlogin.c |
term environment buffer
overflow vulnerability |
lsd |
| rmail |
system() call allows
command execution as root |
yuri volobuev |
| serialport.sh |
race conditions with
suid administration scripts |
unknown |
| sexec.sh |
suid_exec environment
exploit |
unknown |
| spaceware.sh |
enviroment HOSTNAME
local exploit |
j.a. gutierrez |
| systour.sh
|
race condition allows
command execution |
unknown |
| xlock.c / xlock2.c |
command line parsing
buffer overflow |
[multiple] |
| xterm.c |
command line parsing
buffer overflow |
dcrh |
| |
| [-remote-] |
[-description-] |
[-author-] |
| arrayd.c |
arrayd service authentication
vulnerability |
lsd |
| binds.c / named.c
/ named2.c |
dns iquery buffer overflow
vulnerability |
lsd |
| handler |
handle.cgi allows remote
command execution |
unknown |
| irixpop.tgz |
remote exploit for ucb
pop server (version 1.831) |
lsd |
| objectserver.c
/ objectserver2.c |
objectserver protocol
remote management vulnerability |
lsd |
| pfdispaly |
allows users to view
files remotely |
j.a. gutierrez |
| rpc_ttdbserverd.c |
rpc.ttdbserverd daemon
buffer overflow vulnerability |
lsd |
| telnetd.c |
format strings vulnerability |
lsd |
| pmap.tools.tgz |
users can insert and
delete entries by spoofing a source address |
patrick gilbert |
|
webdist-cgi
|
webdest.cgi allows remote
command execution |
unknown |
| |
| [-dos-] |
[-description-] |
[-author-] |
| truncate.c |
does'nt check privileges
correctly before truncating files |
lsd |
| |