8515 matches found

CVE
added 2005/07/19 4:0 a.m. | 70 views

CVE-2004-2264

GNU less versions 358–382 contain a format-string bug in the open_altfile function (filename.c) that may allow local users to cause a denial of service or possibly execute arbitrary code via the LESSOPEN environment variable. The PT-2004-3159 advisory notes this is not a vulnerability unless priv...

CVSS 6.4 | AI score 7.7 | EPSS 0.02031
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2005/07/19 4:0 a.m. | 40 views

CVE-2004-2264

Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a...

CVSS 6.4 | AI score 7.8 | EPSS 0.02031
Exploits: 0
securityvulns
added 2005/07/19 12:0 a.m. | 19 views

Multiple Race Drivers game vulnerabilities

Buffer overflows, format string bugs,...

AI score 4.5
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2005/07/17 4:0 a.m. | 14 views

CVE-2004-2238

Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability...

AI score 6.7 | EPSS 0.01301
Exploits: 0 | References: 6
CVE
added 2005/07/17 4:0 a.m. | 33 views

CVE-2004-2238

The CVE concerns a format-string issue in vsybase.c of vpopmail versions up to 5.4.2. A follow-up note indicates the source uses constants that, when compiled, become static format strings, and this is described as not a vulnerability. No concrete impact, attack vectors, or remediation details ar...

CVSS 5 | AI score 7.1 | EPSS 0.01301
Exploits: 0 | References: 6
Slackware Linux
added 2005/07/14 6:14 p.m. | 18 views

XV

New XV image viewer packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Format string and other issues could cause a crash or execution of arbitrary code if a specially crafted image is loaded with XV. Here are the details from the Slackware 10.1...

AI score 7.7
Exploits: 0
Cvelist
added 2005/07/14 4:0 a.m. | 21 views

CVE-2001-1562

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...

AI score 6.3 | EPSS 0.00397
Exploits: 0 | References: 4
Cvelist
added 2005/07/14 4:0 a.m. | 23 views

CVE-2001-1566

Format string vulnerability in libvanessalogger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the vanessaloggerlog function...

AI score 7.7 | EPSS 0.02759
Exploits: 0 | References: 4
CVE
added 2005/07/14 4:0 a.m. | 51 views

CVE-2002-2022

The CVE-2002-2022 entry concerns Kaffe OpenVM 1.0.6 and earlier. Root cause: a format string vulnerability in the handling of forName attributes that can be triggered when a java.lang.NoClassDefFoundError is thrown, allowing a local attacker to execute arbitrary code. Affected component: the VM’s...

CVSS 7.2 | AI score 7.3 | EPSS 0.00631
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2005/07/14 4:0 a.m. | 48 views

CVE-2001-1562

CVE-2001-1562 affects the nvi editor; it is a format string vulnerability in which, before version 1.79, local users could gain privileges via format specifiers embedded in a filename. The Debian advisory DSA-085-1 and OpenVAS entries reiterate that nvi (and nvi-m17n) needed updates to address th...

CVSS 7.2 | AI score 6.4 | EPSS 0.00397
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2005/07/14 4:0 a.m. | 18 views

CVE-2002-2022

Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute...

AI score 6.9 | EPSS 0.00631
Exploits: 1 | References: 3
Debian CVE
added 2005/07/14 4:0 a.m. | 19 views

CVE-2001-1562

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...

CVSS 7.2 | AI score 6.4 | EPSS 0.00397
Exploits: 0
Debian CVE
added 2005/07/14 4:0 a.m. | 22 views

CVE-2001-1566

Format string vulnerability in libvanessalogger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the vanessaloggerlog function...

CVSS 7.5 | AI score 7.7 | EPSS 0.02759
Exploits: 0
Tenable Nessus
added 2005/07/13 12:0 a.m. | 22 views

FreeBSD : emacs -- movemail format string vulnerability (3e3c860d-7dae-11d9-a9e7-0001020eed82)

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker to execute arbitrary code under the privileges of the user running Emacs.

CVSS 7.5 | AI score 5.5 | EPSS 0.04364
Exploits: 0 | References: 2
Tenable Nessus
added 2005/07/13 12:0 a.m. | 27 views

FreeBSD : ImageMagick -- format string vulnerability (713c3913-8c2b-11d9-b58c-0001020eed82)

Tavis Ormandy reports: magemagick-6.2.0-3 fixes a potential issue handling malformed filenames, the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick. This vulnerability could crash ImageMagick or potentially lead t...

CVSS 7.5 | AI score 5.7 | EPSS 0.04219
Exploits: 0 | References: 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 23 views

Slackware 8.1 / 9.0 / 9.1 / current : metamail security update (SSA:2004-049-02)

Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems...

CVSS 7.5 | AI score 5.9 | EPSS 0.2622
Exploits: 1 | References: 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 19 views

FreeBSD : oops -- format string vulnerability (1033750f-cab4-11d9-9aed-000e0c2e438a)

A RST/GHC Advisory reports that there is a format string vulnerability in oops. The vulnerability can be found in the MySQL/PgSQL authentication module. Successful exploitation may allow execution of arbitrary code.

CVSS 5 | AI score 5.6 | EPSS 0.02298
Exploits: 1 | References: 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 18 views

FreeBSD : ngircd -- format string vulnerability (bc4a7efa-7d9a-11d9-a9e7-0001020eed82)

A No System Group security advisory reports that ngircd is vulnerable to a format string vulnerability in the LogResolver function of log.c, if IDENT support is enabled. This could allow a remote attacker to execute arbitrary code with the permissions of the ngircd daemon, which is root by defaul...

CVSS 7.5 | AI score 6 | EPSS 0.0972
Exploits: 1 | References: 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 26 views

FreeBSD : gld -- format string and buffer overflow vulnerabilities (6c2d4f29-af3e-11d9-837d-000e0c2e438a)

Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...

CVSS 10 | AI score 6.1 | EPSS 0.67658
Exploits: 6 | References: 5
Tenable Nessus
added 2005/07/13 12:0 a.m. | 18 views

FreeBSD : xv -- filename handling format string vulnerability (a4bd3039-9a48-11d9-a256-0001020eed82)

A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.01926
Exploits: 0 | References: 3