1471 matches found
CUPS 1.1.x - Negative Length HTTP Header
source: https://www.securityfocus.com/bid/6437/info A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems. An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with ...
SSH Secure Shell for Servers fails to remove child process from master process group
Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...
Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups
Overview The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be...
Rogue 5.3 - Local Buffer Overflow
source: https://www.securityfocus.com/bid/5837/info Rogue is a game included with BSD distributions including FreeBSD and NetBSD. By passing an overly long value when restoring a saved game, it is possible for an attacker to corrupt memory. Exploitation of this issue could result in privilege...
CVE-2000-1208
Format string vulnerability in startprinting function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote call...
CVE-2002-0824
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device...
BSD NFS DoS
Empty RPC packet causes cycling...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
Overview Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...
FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition
source: https://www.securityfocus.com/bid/5355/info A vulnerability has been reported in some versions of the pppd daemon included with multiple BSD distributions. A race condition error in the code may result in the pppd process changing the file permissions on an arbitrary system file. pppd wil...
CVE-2002-0572
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 standard input, 1 standard output, or 2 standard error, which may then be reused by a called setuid process that intended to...
DEBIAN-CVE-2002-0639
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication ChallengeResponseAuthentication when OpenSSH is using SKEY or BSDAUTH authentication...
Apache mod_ssl off-by-one vulnerability
Product: modssl - http://www.modssl.org/ Date: 06/24/2002 Summary: Off-by-one in modssl 2.4.9 and earlier By: Frank Denis - [email protected] --------------------------------------------------------------------- DESCRIPTION --------------------------------------------------------------------- This...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Overview Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...
CVE-2002-0381
The TCP implementation in various BSD operating systems tcpinput.c does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address...
procmail heap overflow
hi, i found a heap overflow in procmail up until latest some time ago. flatline@intra:/usr/bin$ ls -la procmail -rwsr-xr-x 1 root mail 64344 Jun 3 2001 procmail flatline@intra:/usr/bin$ ./procmail perl -e 'print "A"x10240'=A procmail: Exceeded LINEBUF Segmentation fault flatline@intra:/usr/bin$ a...
[CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SECURITY ADVISORY INTEXXIAc 04 06 2002 ID 1053-040602 TITLE : mmftpd FTP Daemon Format String Vulnerability CREDITS : Guillaume Pelat / INTEXXIA SYSTEM AFFECTED =============== mmftpd = 0.0.7 DESCRIPTION =========== "mmftpd is a secure FTP server that...
CVE-2002-0572
CVE-2002-0572 affects BSD-based systems (notably FreeBSD 4.5 and earlier); the issue arises when a local user closes standard input/output/error (FDs 0–2) and a subsequent setuid-invoked I/O operation reuses those descriptors, allowing read/write access to restricted files. Connected records corr...
Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure
Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure / source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
/ source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before execing setuid images. Consequently, I/O that are opened by a setuid process may be assigned fi...
*BSD YP authentication privelege escalation
No description provided...