|
[[-irix
6.2-]] |
|
|
[-local-] |
[-description-] |
[-author-] |
addnetpr.sh |
addnetpr race condition |
jaechul choe |
at |
users can mail themselves
/etc/shadow |
j.a. gutierrez |
cdplayer |
race conditions allow
local root shell |
unknown |
crazymonkey.sh |
users can save a rootshell
into /tmp |
loneguard |
csetup |
csetup follows symlinks,
allows local root exploit |
jay |
daynotify.sh |
bad/insecure execve()
call |
mike neuman |
df.c / df2.c
/ df3.c |
command line parsing
buffer overflow |
[multiple] |
dmplay.c |
command line parsing
buffer overflow |
lsd |
dp.c |
command line parsing
buffer overflow |
dcrh |
dutman.c |
unchecked argument control
exploit |
unknown |
eject.c / eject2.c
/ eject3.c |
command line parsing
buffer overflow |
[multiple] |
gmemusage.sh |
gmemusage libc system()
function vulnerability |
lsd |
gr_osview.c |
-D command line parsing
buffer overflow |
lsd |
libc.c |
libc.so library NLSPATH
environment buffer overflow |
lsd |
libgl.c |
libgl.so library HOME
environment buffer overflow |
lsd |
libxaw.c |
libXaw.so library X
environment buffer overflow |
lsd |
libxt.c / libxt2.c |
libXt.so library buffer
overflow vulnerability |
lsd |
login.c |
command line parsing
buffer overflow |
lsd |
mail.c |
mail LOGNAME environment
buffer overflow |
lsd |
netprint |
bad system() call allows
priveledge lp gain |
yuri volobuev |
ordist.c |
command line parsing
buffer overflow |
lsd |
perm.c |
permissions enviroment
overflow |
dcrh |
permissions.c |
command line parsing
buffer overflow |
lsd |
printers.c |
-xrm argument overflow |
dcrh |
pset.c / pset2.c |
pset -s argument overflow |
[multiple] |
rlogin.c |
term environment buffer
overflow vulnerability |
lsd |
rmail |
system() call allows
command execution as root |
yuri volobuev |
serialport.sh |
race conditions with
suid administration scripts |
unknown |
sexec.sh |
suid_exec environment
exploit |
unknown |
spaceware.sh |
enviroment HOSTNAME
local exploit |
j.a. gutierrez |
systour.sh
|
race condition allows
command execution |
unknown |
xlock.c / xlock2.c |
command line parsing
buffer overflow |
[multiple] |
xterm.c |
command line parsing
buffer overflow |
dcrh |
|
[-remote-] |
[-description-] |
[-author-] |
arrayd.c |
arrayd service authentication
vulnerability |
lsd |
binds.c / named.c
/ named2.c |
dns iquery buffer overflow
vulnerability |
lsd |
handler |
handle.cgi allows remote
command execution |
unknown |
irixpop.tgz |
remote exploit for ucb
pop server (version 1.831) |
lsd |
objectserver.c
/ objectserver2.c |
objectserver protocol
remote management vulnerability |
lsd |
pfdispaly |
allows users to view
files remotely |
j.a. gutierrez |
rpc_ttdbserverd.c |
rpc.ttdbserverd daemon
buffer overflow vulnerability |
lsd |
telnetd.c |
format strings vulnerability |
lsd |
pmap.tools.tgz |
users can insert and
delete entries by spoofing a source address |
patrick gilbert |
webdist-cgi
|
webdest.cgi allows remote
command execution |
unknown |
|
[-dos-] |
[-description-] |
[-author-] |
truncate.c |
does'nt check privileges
correctly before truncating files |
lsd |
|