Debian DSA-447-1 : hsftp - format string
Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in hsftp. This vulnerability could be exploited by an attacker able to create files on a remote server with carefully crafted names, to which a user would connect using hsftp. When the user requests a...
Debian DSA-098-1 : libgtop - format string vulnerability and buffer overflow
Two different problems were found in libgtop-daemon : - The laboratory intexxia found a format string problem in the logging code from libgtopdaemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. - Flavio Veloso found a buff...
Debian DSA-487-1 : neon - format string
Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.
Debian DSA-401-1 : hylafax - format strings
The SuSE Security Team discovered several exploitable format string vulnerabilities in hylafax, a flexible client/server fax system, which could lead to executing arbitrary code as root on the fax server.
Debian DSA-449-1 : metamail - buffer overflow, format string bugs
Ulf Harnhammar discovered two format string bugs (CAN-2004-0104) and two buffer overflow bugs (CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail...
Debian DSA-016-3 : wu-ftpd - temp file creation and format string
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.
Debian DSA-485-1 : ssmtp - format string
Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die and logevent were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the...
Debian DSA-521-1 : sup - format string vulnerability
discovered a format string vulnerability in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process (this process does not run automatically...
Debian DSA-014-2 : splitvt - buffer overflow and format string attack
It was reported recently that splitvt is vulnerable to numerous buffer overflow attacks and a format string attack. An attacker was able to gain access to the root user id.
Debian DSA-524-1 : rlpr - several vulnerabilities
discovered a format string vulnerability in rlpr, a utility for lpd printing without using /etc/printcap. While investigating this vulnerability, a buffer overflow was also discovered in related code. By exploiting one of these vulnerabilities, a local or remote user could potentially cause...
Debian DSA-370-1 : pam-pgsql - format string
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication...
Debian DSA-513-1 : log2mail - format string
[email protected] discovered a format string vulnerability in log2mail, whereby a user able to log a specially crafted message to a logfile monitored by log2mail (for example, via syslog) could cause arbitrary code to be executed with the privileges of the log2mail process. By default, this...
Debian DSA-468-1 : emil - several vulnerabilities
Ulf Harnhammar discovered a number of vulnerabilities in emil, a filter for converting Internet mail messages. The vulnerabilities fall into two categories : - CAN-2004-0152 Buffer overflows in (1) the encodemime function, (2) the encodeuuencode function, (3) the decodeuuencode function. These bugs cou...
Debian DSA-085-1 : nvi - Format string vulnerability
Takeshi Uno found a very stupid format string vulnerability in all versions of nvi, in both the plain and the multilingualized version. When a filename is saved, it ought to get displayed on the screen. The routine handling this didn't escape format strings.
Debian DSA-148-1 : hylafax - buffer overflows and format string vulnerabilities
A set of problems have been discovered in Hylafax, a flexible client/server fax software distributed with many GNU/Linux distributions. Quoting SecurityFocus the problems are in detail : - A format string vulnerability makes it possible for users to potentially execute arbitrary code on some...
Debian DSA-139-1 : super - format string vulnerability
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program sudo. Exploiting this format string vulnerability a local user can gain unauthorized roo...
Debian DSA-277-1 : apcupsd - buffer overflows, format string
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.
Debian DSA-095-1 : gpm - local root vulnerability
The package 'gpm' contains the gpm-root program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.
Debian DSA-028-1 : man-db - format string vulnerability
Styx has reported that the program 'man' mistakenly passes malicious strings (i.e. containing format characters) through routines that were not meant to use them as format strings. Since this could cause a segmentation fault and privileges were not dropped it may lead to an exploit for the 'man' use...
Debian DSA-529-1 : netkit-telnet-ssl - format string
'b0f' discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default).