---

O’Reilly Network: Insecurities in a Nutshell: Koules Local Root Exploit And More

“It has been reported that there is a local root vulnerability and exploit for the SVGA game Koules. It requires that Koules be installed with a setuid root bit set, so some installations may not be affected.”

“The Oracle Connection Manager Control binary (cmctl) has a local exploit that allows any user to become the user and group that Oracle is installed under. It works by exploiting a buffer overflow in cmctl. There is a published exploit for Linux, but this may have been ported to other architectures. A workaround for this problem is to remove the suid bit from the program. If you do not use the setuid bits on this program or on other Oracle helper programs, you may want to consider removing the suid bits on all of the Oracle helper programs.”

“A getty replacement for use with fax and data modem lines, mgetty has a vulnerability that can permit a local user to create or overwrite any file on the system. The problem is with the faxrunqd daemon that runs as root. The faxrunqd daemon will follow a symlink named .last_run that has been created in the world-writable /var/spool/fax/outgoing/ directory. The fix for this is to uninstall the package and replace it with a version dated after 10 Sep 2000.”
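The symlink-following condition described in the mgetty item, shown as an added Python example (not code from the article or from mgetty): a plain open-for-write beside a hardened write that refuses symlinks and hard links. The function names, the `protected.conf` stand-in and the temporary directory layout are assumptions made for the demonstration; only the `.last_run` name comes from the text.

```python
import errno
import os
import stat
import tempfile
from pathlib import Path

MARKER = ".last_run"  # file name from the advisory text


def write_marker_naive(spool_dir, data):
    """Pattern the advisory describes: open() follows a planted symlink."""
    with open(os.path.join(spool_dir, MARKER), "w") as fh:
        fh.write(data)


def write_marker_safe(spool_dir, data):
    """Refuse symlinks and hard links before touching file contents."""
    path = os.path.join(spool_dir, MARKER)
    # O_NOFOLLOW makes open() fail if the final path component is a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError(errno.EPERM, "not a private regular file", path)
        os.ftruncate(fd, 0)  # truncate only after the checks pass
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo():
    """Constructed scenario in a temp dir; returns [(target_text, blocked), ...]."""
    with tempfile.TemporaryDirectory() as root:
        spool = Path(root, "outgoing")
        spool.mkdir()
        target = Path(root, "protected.conf")  # constructed stand-in file
        (spool / MARKER).symlink_to(target)
        results = []
        for writer in (write_marker_naive, write_marker_safe):
            target.write_text("original")
            try:
                writer(spool, "stamp")
                blocked = False
            except OSError:
                blocked = True
            results.append((target.read_text(), blocked))
        return results
```

`O_NOFOLLOW` only guards the final path component, so keeping state written by a root process out of a world-writable directory is what removes the underlying condition.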

