IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.
d48b6926c82ffe75c223b8a03b1f5182ccf081eafc0e952920b165ba77191d02Red Hat Security Advisory RHSA-2002:202-33 - Python v2.2.1 and below has a temp file vulnerability in os._execvpe from os.py which allows local users to execute arbitrary code via a symlink attack.
822772e745db7d21b2b9bc4fe2db053ac18299cff1d54f0118e3c00554dd3e0e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed