CVE-2012-1717 – OpenJDK: insecure temporary file permissions (JRE, 7143606)
https://notcve.org/view.php?id=CVE-2012-1717
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos relacionados con el la impresión en Solaris o Linux. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2012-1243.html http://rhn.redhat& • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-4796
https://notcve.org/view.php?id=CVE-2005-4796
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-100881-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-27525-1 http://www.ciac.org/ciac/bulletins/p-264.shtml http://www.osvdb.org/18809 http://www.securityfocus.com/bid/13016 •
CVE-2003-1073 – Sun Solaris 2.5/2.6/7.0/8/9 AT Command - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2003-1073
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place. • https://www.exploit-db.com/exploits/22203 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html http://isec.pl/vulnerabilities/isec-0008-sun-at.txt http://secunia.com/advisories/7960 http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1 http://www.ciac.org/ciac/bulletins/n-070.shtml http://www.securityfocus.com/archive/1/308577 http://www.securityfocus.com/bid/6692 http://www.securityfocus.com/bid/6693 http://www.securitytracker.com/id?1005994 •
CVE-2003-0161 – Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-0161
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. • https://www.exploit-db.com/exploits/24 https://www.exploit-db.com/exploits/22442 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614 http://lists.apple.com/mhonarc/secur •