SurgeFTP FTP server DoS

Developers left debugging LEAK command, that opens large number of file descriptors...

HP-UX PHSS_29546 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.

s700800 11.04 Virtualvault 4.6 OWS update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...

kppp KDE dialer file descriptors leak

File descriptors are leaked for /etc/hosts and /etc/resolv.conf...

security flaw

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

Multiple applications fd_set structure bitmap array index overflow

Absence of control for large number of open file descriptors or sockets FDSETSIZE allow to write arbitrary memory...

security flaw

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

DEBIAN-CVE-2004-1270

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

CVE-2004-1270

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

DEBIAN-CVE-2004-2215

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges...

CVE-2002-1372

CVE-2002-1372 affects the Common Unix Printing System (CUPS) versions 1.1.14–1.1.17. The issue arises because CUPS does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by creating an...

CVE-2002-1372

Common Unix Printing System CUPS 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service resource exhaustion by causing file descriptors to be assigned and not released, as demonstrated...

Apache 2.0.4x mod_perl - File Descriptor Leakage (3)

Apache 2.0.4x modperl - File Descriptor Leakage 3 source: https://www.securityfocus.com/bid/9471/info A vulnerability has been reported to exist in the Apache modperl module that may allow local attackers to gain access to privileged file descriptors. This issue could be exploited by an attacker ...

Apache 2.0.4x mod_perl - File Descriptor Leakage (3)

source: https://www.securityfocus.com/bid/9471/info A vulnerability has been reported to exist in the Apache modperl module that may allow local attackers to gain access to privileged file descriptors. This issue could be exploited by an attacker to hijack a vulnerable server daemon. Other attack...

DEBIAN-CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

PT-2003-2252 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server with mod php module affected versions not specified Description: The mod php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the...

Apache 2.0.4x mod_php - File Descriptor Leakage (2)

Apache 2.0.4x modphp - File Descriptor Leakage 2 // source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache modphp module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a...

Apache 2.0.4x mod_php - File Descriptor Leakage (2)

// source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache modphp module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate...

CVE-2003-0476

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors...

CVE-2002-1372

Common Unix Printing System CUPS 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service resource exhaustion by causing file descriptors to be assigned and not released, as demonstrated...

openbsd-select-bug.txt

Hi there, Recently a bug in the select syscall of openbsd was published. This text describes the details and the eventual exploitation of this bug. First of all let us look at the definition of select: int selectint nfds, fdset readfds, fdset writefds, fdset exceptfds, struct timeval timeout; The...