8515 matches found
UPDATE: Format String Vulnerability in Valve's CS-Source
In-Reply-To: [email protected] Hi, I just found out that you can also use it remotely against the server without any knowledge of the rcon-password! Just do the following: type 'name "n"' without ' to console and wait until you get killed. The server will be killed,...
Apache mod_ssl format string bug
Format string bug if mod_ssl is used in conjunction with mod_proxy for SSL proxying https://foos.example.com/...
CVE-2005-0188
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log...
In-game format string in Judge Dredd vs. Death 1.01
Luigi Auriemma Application: Judge Dredd: Dredd vs. Death http://www.dreddvsdeath.com Versions: = 1.01 Platforms: Windows Bug: format string Exploitation: remote, versus server in-game Date: 02 October 2004 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1...
Debian DSA-529-1 : netkit-telnet-ssl - format string
'b0f' discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default).
Debian DSA-139-1 : super - format string vulnerability
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program sudo. Exploiting this format string vulnerability a local user can gain unauthorized roo...
Debian DSA-098-1 : libgtop - format string vulnerability and buffer overflow
Two different problems were found in libgtop-daemon : - The laboratory intexxia found a format string problem in the logging code from libgtop_daemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. - Flavio Veloso found a buff...
Debian DSA-028-1 : man-db - format string vulnerability
Styx has reported that the program 'man' mistakenly passes malicious strings (i.e. containing format characters) through routines that were not meant to use them as format strings. Since this could cause a segmentation fault and privileges were not dropped it may lead to an exploit for the 'man' use...
Debian DSA-522-1 : super - format string vulnerability
Max Vozeler discovered a format string vulnerability in super, a program to allow specified users to execute commands with root privileges. This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
Two vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...
Debian DSA-085-1 : nvi - Format string vulnerability
Takeshi Uno found a very stupid format string vulnerability in all versions of nvi in both, the plain and the multilingualized version. When a filename is saved, it ought to get displayed on the screen. The routine handling this didn't escape format strings.
Debian DSA-277-1 : apcupsd - buffer overflows, format string
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.
Debian DSA-016-3 : wu-ftpd - temp file creation and format string
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.
Debian DSA-148-1 : hylafax - buffer overflows and format string vulnerabilities
A set of problems have been discovered in Hylafax, a flexible client/server fax software distributed with many GNU/Linux distributions. Quoting SecurityFocus the problems are in detail : - A format string vulnerability makes it possible for users to potentially execute arbitrary code on some...
Debian DSA-513-1 : log2mail - format string
[email protected] discovered a format string vulnerability in log2mail, whereby a user able to log a specially crafted message to a logfile monitored by log2mail (for example, via syslog) could cause arbitrary code to be executed with the privileges of the log2mail process. By default, this...
Debian DSA-487-1 : neon - format string
Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.
Debian DSA-524-1 : rlpr - several vulnerabilities
discovered a format string vulnerability in rlpr, a utility for lpd printing without using /etc/printcap. While investigating this vulnerability, a buffer overflow was also discovered in related code. By exploiting one of these vulnerabilities, a local or remote user could potentially cause...
Debian DSA-447-1 : hsftp - format string
Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in hsftp. This vulnerability could be exploited by an attacker able to create files on a remote server with carefully crafted names, to which a user would connect using hsftp. When the user requests a...
Debian DSA-370-1 : pam-pgsql - format string
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication...
Debian DSA-485-1 : ssmtp - format string
Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die and log_event were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the...