Libc locale - Local Privilege Escalation (2)

/ source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

Immunix OS 6.2 - LC glibc format string

Immunix OS 6.2 - LC glibc format string / source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

Дырка в xlock/xlockmore

Ошибка форматной строки в имени дисплея. На некоторых системах xlock установлен как suid...

[SECURITY] New version of xlockmore/xlockmore-gl released

Package: xlockmore, xlockmore-gl Vulnerability type: local exploit Debian-specific: no There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 slink installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend...

David Bagley xlock 4.16 - User Supplied Format String (1)

// source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a number of popular operating systems...

hpux.ftpd.txt

Hello, I have discovered HPUX ftpd remote vulnerability. The problem persists in using vsprintf without format string. Example: 220 xxx FTP server Version 1.7.212.2 Tue Apr 21 12:14:46 GMT 1998 ready. user ftp 331 Guest login ok, send ident as password. pass %.1030d 230 Guest login ok, access...

Переполнение буфера в mopd

Переполнение буфера при длинном имени файла, несколько ошибок форматной строки...

Redhat Linux 6.x remote root exploit

Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...

HPUX FTPd vulnerability

Hello, I have discovered HPUX ftpd remote vulnerability. The problem persists in using vsprintf without format string. Example: 220 xxx FTP server Version 1.7.212.2 Tue Apr 21 12:14:46 GMT 1998 ready. user ftp 331 Guest login ok, send ident as password. pass .1030d 230 Guest login ok, access...

Дырка в HP-UX FTPd

Переполнение буфера в результате ошибки форматной строки команда PASS...

Redhat Linux 6.x remote root exploit

Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...

HP-UX FTP Daemon PASS Command Remote Format String

The remote ftp server does not sanitize properly the argument of the PASS command it receives for anonymous accesses. It may be possible for a remote attacker to gain shell access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Conectiva 4.x/5.x / Debian 2.x / RedHat 6.x / S.u.S.E 6.x/7.0 / Trustix 1.x - rpc.statd Remote Format String (3)

// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog' function, a remote...

Conectiva 4.x5.x Debian 2.x RedHat 6.x S.u.S.E 6.x7.0 Trustix 1.x - rpc.statd Remote Format String (3)

Conectiva 4.x5.x Debian 2.x RedHat 6.x S.u.S.E 6.x7.0 Trustix 1.x - rpc.statd Remote Format String 3 // source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux...

NAI Net Tools PKI Server 1.0 - Format String

source: https://www.securityfocus.com/bid/1538/info Certain versions of Network Associates Inc.'s Net Tools PKI Public Key Infrastructure server ship with a vulnerability which allows remote attackers to execute arbitrary commands on the system which the PKI server resides. The problem lies withi...

Lots and lots of fun with rpc.statd

Last week was a little quiet, so I thought I'd throw some kindling on the fire. Here's another prime example of a format string bug: our old friend rpc.statd. Attached is an exploit. The offsets are for Linux/PowerPC, Debian 2.2. It isn't functional, though - and it's more than just kiddy-proofed...

Conectiva 4.x5.x Debian 2.x RedHat 6.x S.u.S.E 6.x7.0 Trustix 1.x - rpc.statd Remote Format String (1)

Conectiva 4.x5.x Debian 2.x RedHat 6.x S.u.S.E 6.x7.0 Trustix 1.x - rpc.statd Remote Format String 1 // source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux...

Conectiva 4.x/5.x / Debian 2.x / RedHat 6.x / S.u.S.E 6.x/7.0 / Trustix 1.x - rpc.statd Remote Format String (1)

// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog' function, a remote...

CVE-2000-0573

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command...

Удаленный root в proftpd

Дырка похожая на аналогичную в WU, связана с использованием ввода пользователя в качестве форматной строки...