CVSS: 10.0EPSS: 79%CPEs: 8EXPL: 7CVE-2003-0466 – FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0466
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 2CVE-2003-0609 – Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0609
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. Desbordamiento basado en la pila en el enlazador de tiempo de ejecución, ld.so.1 en Solaris 2.6 a 9 permite a usuarios locales ganar privilegios de root mediante una variable de entorno LD_PRELOAD larga. • https://www.exploit-db.com/exploits/1182 https://www.exploit-db.com/exploits/114 http://marc.info/?l=bugtraq&m=105951760418667&w=2 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680 http://www.idefense.com/advisory/07.29.03.txt http://www.osvdb.org/8722 https://exchange.xforce.ibmcloud.com/vulnerabilities/12755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 2CVE-2003-1055 – Sun SUNWlldap Library Hostname - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1055
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup. • https://www.exploit-db.com/exploits/4 http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1 http://www.auscert.org.au/render.html?it=3224 http://www.ciac.org/ciac/bulletins/n-113.shtml http://www.securityfocus.com/bid/7064 http://www.securitytracker.com/id?1006401 https://exchange.xforce.ibmcloud.com/vulnerabilities/11641 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2003-1067
https://notcve.org/view.php?id=CVE-2003-1067
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions. • http://secunia.com/advisories/9088 http://sunsolve.sun.com/search/document.do?assetkey=1-26-55420-1 http://www.ciac.org/ciac/bulletins/n-108.shtml http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/7991 https://exchange.xforce.ibmcloud.com/vulnerabilities/12379 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2003-1068
https://notcve.org/view.php?id=CVE-2003-1068
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082. • http://secunia.com/advisories/8957 http://sunsolve.sun.com/search/document.do?assetkey=1-26-55260-1 http://www.ciac.org/ciac/bulletins/n-105.shtml http://www.securityfocus.com/bid/7835 https://exchange.xforce.ibmcloud.com/vulnerabilities/11083 •