| OSVDB ID | Disclosure Date | Title |
|---|
|
19161
Description:
UNIX-V7 contains a flaw that may allow a local attacker to execute privileged commands. The issue occurs when a user is able to create a root owned world writeable file (ie: forcing passwd to core dump) and move it to the at or atrun spool directory. The next time at or atrun are executed, any commands in the custom file would be executed with root privileges.
|
1981-08-25
|
UNIX-V7 at/atrun Spool Directory Permission Weakness Privilege Escalation
|
|
19197
Description:
UNIX-V7 contains a flaw that may allow a local user to gain access to sensitive information or execute privileged commands. The issue is due to the login program allowing any local user to take owernship of a tty device file (/dev/tty*). This could allow an unprivileged user to take ownership of the tty that a privileged user is logged in on.
|
1981-08-25
|
UNIX-V7 login Terminal Owner Hijacking
|
|
19046
Description:
Multiple Unix flavors contain a flaw that may allow a local attacker to execute arbitrary commands with increased privileges. The flaw occurs when a user executes a SUID shell script with the name "-", which will process and execute commands from ".profile" in the current directory. This could allow a local attacker to create a set of arbitrary commands in her own profile, that could be executed under increased privileges.
|
1981-08-25
|
Unix/SystemV SUID/SGID Shell Script Invocation Privilege Escalation
|
|
532
Description:
Amdahl's Unix (UTS) contains a flaw that may allow a local attacker gain elevated privileges. The problem is due to the user profile program not sanitizing user-supplied input when changing the comment field of their password entry. By adding a newline, a user can create an arbitrary entry in the password field for a new account with root privileges.
|
1981-08-25
|
Amdahl Unix (UTS) /etc/passwd Comment Field Modification Privilege Escalation
|
|
661
Description:
Multiple Unix flavors that install the 'empire' game contain a flaw that may allow a local user to gain privileges. The issue is due to the program not dropping SGID privileges when invoking commands. This can be used to execute a sub-process with the same privileges as the game, allowing any command to be run with the same group ID.
|
1981-08-25
|
Multiple Unix empire Invoked Shell Privilege Escalation
|
|
662
Description:
Multiple Unix flavors that install the 'snake' game contain a flaw that may allow a local user to gain privileges. The issue is due to the program not dropping SGID privileges when invoking commands. This can be used to execute a sub-process with the same privileges as the game, allowing any command to be run with the same group ID.
|
1981-08-25
|
Multiple Unix snake Invoked Shell Privilege Escalation
|
|
663
Description:
Multiple Unix flavors that install the 'adventure' game contain a flaw that may allow a local user to gain privileges. The issue is due to the program not dropping SGID privileges when invoking commands. This can be used to execute a sub-process with the same privileges as the game, allowing any command to be run with the same group ID.
|
1981-08-25
|
Multiple Unix adventure Invoked Shell Privilege Escalation
|
|
15265
Description:
Sendmail contains multiple unspecified flaws. No further details have been provided.
|
1981-08-23
|
Sendmail Unspecified Multiple Security Issues
|
|
535
Description:
UNIX-V6 contains a flaw that may allow a local attacker to gain increased privileges. The flaw occurs when an attacker intentionally exhausts all file descriptors before executing the 'su' program. In such a case, 'su' would invoke a super-user shell instead of failing to execute.
|
1981-08-23
|
UNIX-V6 su File Descriptor Exhaustion Local Privilege Escalation
|
