cfingerd 1.4 - Format String (1)

source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of users of the service. If an...

cfingerd 1.4 - Format String (1)

cfingerd 1.4 - Format String 1 source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of...

CVE-2001-0187

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment...

Дырка в CGI pwc (format string bug)

Ошибка форматной строки при работе с syslog...

another format string bug

There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...

[RHSA-2001:029-02] New mutt packages fix IMAP vulnerability/incompatibility

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New mutt packages fix IMAP vulnerability/incompatibility Advisory ID: RHSA-2001:029-02 Issue date: 2001-03-09 Updated on: 2001-03-13 Product: Red Hat Linux Keywords: mutt IMAP...

Дырки в mutt (format string, GSSAPI)

Ошибки форматной строки при работе с сервером imap...

Дырки в icecast

Ошибки форматной строки, переполнения буфера...

Серьезные дырки в cfengine

Многочисленные ошибки форматной строки позволяют получить root удаленно...

Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv

Abstract ----------- There are 3 major bugs in the current IRCd distribution as used on the IRCnet for example. The included service daemon 'tkserv' tkserv.c v1.3.0 and all previous versions suffers from: a remote exploitable buffer overflow while querying tklines b memory leck due to strdup'ing...

CVE-2001-0181

The CVE-2001-0181 entry concerns a format-string vulnerability in the error-logging path of the DHCP server and client in Caldera Linux. The underlying flaw is in how logging is performed, allowing a remote attacker to execute arbitrary commands. The available documents confirm the affected compo...

CVE-2001-0181

Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands...

[SECURITY] [DSA 029-2] New proftpd packages for m68k available

---------------------------------------------------------------------------- Debian Security Advisory DSA-029-2 [email protected] http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : proftpd...

NT drivers are potentially vulnerable to format string bug

Many NT drivers are potentially vulnerable to "format string bug". The problem is concerned with DbgPrint function that is used for debug messages. Some drivers instead of directly call of this function use additional intermediate functions. Those functions add a prefix to an outputted string,...

Потенциальная дырка в драйверах Windows NT/2000 (DbgPrint format string)

Во многих дрйверах ошибка форматной строки при вызови функции отладки...

CVE-2001-0032

Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL...

Дырка в startinnfeed (inn)

Ошибка форматной строки потенциально позволяет члену группы news получить root...

Format string bug in startinnfeed

Description -------------- The 'startinnfeed' binary contains various format string bugs. Most of the command line options passes user given arguments to 'syslog' as format string. For example: paul@ps:/usr/home/paul /usr/lib/news/bin/startinnfeed -a "xxnnnnnnn" segmentation fault...

[SECURITY] [DSA 028-1] New man-db packages released

---------------------------------------------------------------------------- Debian Security Advisory DSA-028-1 [email protected] http://www.debian.org/security/ Martin Schulze February 9, 2001 - ---------------------------------------------------------------------------- Package : man-db...

Response to ProFTPD issues

======= Summary ======= Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in the past month. These issues have been addressed by the ProFTPD core team. The following vulnerabilities are addressed in this advisory: 1. "SIZE memory leak"...