Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)

A number of vulnerabilities were discovered in previous version of Ethereal that have been fixed in the 0.10.11 release, including : - The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. - The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PK...

GLSA-200505-03 : Ethereal: Numerous vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200505-03 Ethereal: Numerous vulnerabilities There are numerous vulnerabilities in versions of Ethereal prior to 0.10.11, including: The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities. The DISTCC, FCELS...

CVE-2004-1946

Format string vulnerability in the PRINTERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2003-1170

Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments...

CVE-2004-2026

CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...

CVE-2004-1900

Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands...

CVE-2004-1946

Format string vulnerability in the PRINT_ERROR function of Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. The initial description notes it is unclear whether the issue could be exploited remotely or...

CVE-2004-1900

The CVE-2004-1900 entry describes a format string vulnerability in the logging function of the IGI 2 Covert Strike server (version 1.3 and earlier). The vulnerability allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. The provided documents confirm th...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2004-1917

Format string vulnerability in testfuncfunc in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable...

CVE-2004-1917

Format string vulnerability in testfuncfunc in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable...

CVE-2004-1805

The CVE-2004-1805 issue targets games using the Epic Games Unreal Engine 436, describing a format string vulnerability in class names that enables remote attackers to cause a denial of service and potentially execute arbitrary code. The vulnerability appears to be exploitable over the network, wi...

CVE-2003-1170

CVE-2003-1170 affects kpopup (versions 0.9.1 and 0.9.5pre2). A format string vulnerability in main.cpp can allow local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via command line arguments. Additional VuXML/OpenVAS/Nessus entries note that misc.cpp...

CVE-2004-1917

CVE-2004-1917 involves a format string vulnerability in LCDProc, present in version 0.4.1 and earlier, specifically in test_func_func. The flaw allows remote attackers to execute arbitrary code by supplying format string specifiers via the str variable. The cited sources consistently describe the...

CVE-2004-1805

Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in class names...

Oops! proxy format string vulnerability

Format string bug during database logging...

[NEWS] Ethereal Protocol Dissectors Buffer Overflow Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-1463

CVE-2005-1463 refers to multiple format-string vulnerabilities in Ethereal before 0.10.11, affecting the DHCP and ANSI A dissectors. The root cause is format-string handling that allows remote attackers to execute arbitrary code. The advisory notes that upgrading Ethereal to version 0.10.11 elimi...

CVE-2005-1463

Multiple format string vulnerabilities in the 1 DHCP and 2 ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code...