104 matches found
GNU Anubis 3.6.x/3.9.x Multiple Format String
No description provided by source. source: http://www.securityfocus.com/bid/9772/info GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary co...
Researchers Cripple Pushdo Botnet
Researchers have made a huge dent in a major variant of the Pushdo botnet, virtually crippling the network by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and...
FreeBSD : GNU Anubis buffer overflows and format string vulnerabilities (8471bb85-6fb0-11d8-873f-0020ed76ef5a)
Ulf Harnhammar discovered several vulnerabilities in GNU Anubis. - Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c - Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a...
FreeBSD Ports: anubis
The remote host is missing an update to the system as announced in the referenced advisory. VID 8471bb85-6fb0-11d8-873f-0020ed76ef5a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: anubis
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Design/Logic Flaw
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
CVE-2008-2780
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
CVE-2008-2780
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
CVE-2008-2780
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
CVE-2008-2780
CVE-2008-2780 : The Anubis (Anubis+Ripe160) plugin before version 1.3 stores the unencrypted file size in cleartext in the header of the encrypted file, enabling an attacker to distinguish encrypted data from trailing random padding. This is the reported vulnerability detail; no exploitation vect...
CVE-2004-0353
Multiple buffer overflows in authident function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string...
CVE-2004-0354
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to 1 the info function in log.c, 2 the anubiserror function in errs.c, or 3 the sslerror function in ssl.c...
FreeBSD : GNU Anubis buffer overflows and format string vulnerabilities (6)
The following package needs to be updated: anubis %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg8471bb856fb011d8873f0020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-0353
CVE-2004-0353 covers multiple buffer overflows in GNU Anubis that affect the auth_ident() function (auth.c) in versions 3.6.0–3.6.2 and 3.9.92–3.9.93, allowing remote attackers to gain privileges by supplying a long string. Connected sources also document additional vulnerabilities in GNU Anubis:...
CVE-2004-0354
CVE-2004-0354 affects GNU Anubis versions 3.6.0–3.6.2 and 3.9.92–3.9.93. The issue is a format string vulnerability in three code paths: the info function in log.c, the anubis_error function in errs.c, and the ssl_error function in ssl.c, which can enable remote code execution. The connected docu...
CVE-2004-0353
Multiple buffer overflows in authident function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string...
CVE-2004-0354
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to 1 the info function in log.c, 2 the anubiserror function in errs.c, or 3 the sslerror function in ssl.c...
GNU Anubis buffer overflows and format string bugs
GNU Anubis buffer overflows and format string bugs PROGRAM: GNU Anubis VENDOR: Free Software Foundation, Inc. HOMEPAGE: http://www.gnu.org/software/anubis/ VULNERABLE VERSIONS: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others IMMUNE VERSIONS: 3.6.2 with vendor patch, 3.9.93 with vendor patch,...
GNU Anubis multiple bugs
Buffer overflows, format string bugs...
GNU Anubis buffer overflows and format string vulnerabilities
Ulf Härnhammar discovered several vulnerabilities in GNU Anubis. Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a maliciou...