SuSE: Local Root Exploit Advisory for SCCW Security Update Notice
sccw does insufficient bounds checking, trust it's environment and calls insecure system functions. On a default installation sccw is setuid root.
Explore top 10 tips to secure your open-source projects now. Read More
×Find the information you need for your favorite open source distribution .
sccw does insufficient bounds checking, trust it's environment and calls insecure system functions. On a default installation sccw is setuid root.
The /usr/bin/pg and /usr/bin/pb tools can be used to read any file on the system.
The /usr/bin/sccw tool can be used to read any file on the system.
The mars_nwe tools are vulnerable to several buffer overflows.
Several buffer overflows have been found in proftpd which have been verified to be exploitable from an remote attacker. The fixing and finding of new holes is going on for over 2 weeks now, and there is no end in sight. Even with all known fixes, proftpd is still vulnerable to remote exploitation.