CVE-2001-0459
published 2001-06-27CVE-2001-0459: Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
PriorityP424high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.78%
51.2th percentile
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rob_malda | ascdc | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
exploitdb·2001-03-08
CVE-2001-0459 Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
---
/*
source: https://www.securityfocus.com/bid/2462/info
ascdc is a program written for X by Rob Malda. It is designed to provide a graphical interface to cd changing on linux systems.
A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due to insufficent bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shellcode.
The program is not installed setuid. However, in a setuid installation, this problem makes it possible for a user to execute arbitrary code, and potentially gain elevated privileges.
*/
ch
Exploit-DB
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)
exploitdb·2001-03-08
CVE-2001-0459 Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/2462/info
ascdc is a program written for X by Rob Malda. It is designed to provide a graphical interface to cd changing on linux systems.
A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due to insufficent bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shellcode.
The program is not installed setuid. However, in a setuid installation, this problem makes it possible for a user to execute arbitrary code, and potentially gain elevated privileges.
/* /u
No writeups or analysis indexed.
2001-06-27
Published