79 results (0.012 seconds)

CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0

VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. VERITAS File System (VxFS) v3.3.3, v3.4, y v3.5 anterior a MP1 Rolling Patch 02 para Sun Solaris v2.5.1 a la v9, no implementa adecuadamente la herencia de las ACLs por defecto en determinadas circunstancias relacionadas con las características de un directorio inode, lo que permite a usuarios locales evitar las restricciones de acceso a archivos establecidas accediendo a un archivo sobre un sistema de ficheros VxFS. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. Error de presencia de signo entero en la función ip_set_srcfilter en el IP Multicast Filter en uts/common/inet/ip/ip_multi.c en el kernel de Sun Solaris 10 y OpenSolaris anterior a snv_92, permite a usuarios locales ejecutar código de su elección en otras "Solaris Zones" a través de una petición SIOCSIPMSFILTER IOCTL con un valor largo del campo imsf->imsf_numsrc, que dispara una escritura de memoria del kernel fuera de rango. NOTA: esto ha sido reportado como un desbordamiento de entero, pero el origen del problema implica una comparación de signo que no se realiza. • http://secunia.com/advisories/30693 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237965-1 http://www.securityfocus.com/bid/29699 http://www.securitytracker.com/id?1020283 http://www.trapkit.de/advisories/TKADV2008-003.txt http://www.vupen.com/english/advisories/2008/1832/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5731 • CWE-189: Numeric Errors •

CVSS: 3.6EPSS: 0%CPEs: 14EXPL: 0

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-100881-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-27525-1 http://www.ciac.org/ciac/bulletins/p-264.shtml http://www.osvdb.org/18809 http://www.securityfocus.com/bid/13016 •

CVSS: 10.0EPSS: 4%CPEs: 77EXPL: 0

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. Múltiples desbordamientos de búfer en Samba anteriores a 2.2.8a puede permitir a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio, descubierto por el equipo de Samba y una vulnerabilidad distinta de CAN-2003-0201. • http://marc.info/?l=bugtraq&m=104973186901597&w=2 http://marc.info/?l=bugtraq&m=104974612519064&w=2 http://www.debian.org/security/2003/dsa-280 http://www.mandriva.com/security/advisories?name=MDKSA-2003:044 http://www.redhat.com/support/errata/RHSA-2003-137.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564 https://access.redhat.com/security/cve/CVE-2003-0196 https://bugzilla.redhat.com/show_bug.cgi?id=1617001 •

CVSS: 10.0EPSS: 97%CPEs: 81EXPL: 14

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Desbordamiento de búfer en la función call_trans2open en trans2.c de Samba 2.2.x anteriores a 2.2.8a, 2.0.10 y versiones anteriores 2.0.x, y Samba-TNG anteriores a de 0.3.2, permite a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/16880 https://www.exploit-db.com/exploits/55 https://www.exploit-db.com/exploits/7 https://www.exploit-db.com/exploits/16861 https://www.exploit-db.com/exploits/10 https://www.exploit-db.com/exploits/16876 https://www.exploit-db.com/exploits/9924 https://www.exploit-db.com/exploits/16330 https://www.exploit-db.com/exploits/22469 https://www.exploit-db.com/exploits/22471 https://www.exploit-db.com/exploits/22470 https: •