[SECURITY] [DSA 148-1] New hylafax packages fix security related problems

-------------------------------------------------------------------------- Debian Security Advisory DSA 148-1 [email protected] http://www.debian.org/security/ Martin Schulze August 12th, 2002 - -------------------------------------------------------------------------- Package : hylafax...

CVE-2002-0819

Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the artsfatal function...

CVE-2000-1208

Format string vulnerability in startprinting function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote call...

CVE-2002-0501

Format string vulnerability in logprint function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages...

CVE-2002-0796

Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges...

CVE-2002-0412

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via 1 an HTTP GET request, 2 a user name in HTTP authentication, or 3 a password in HTTP...

CVE-2002-0525

Format string vulnerabilities in 1 inews or 2 rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses...

CVE-2002-0735

Format string vulnerability in the logging function in C-Note Squid LDAP authentication module squidauthLDAP 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages...

CVE-2002-0817

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument...

DEBIAN-CVE-2002-0817

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument...

DSA-148 hylafax - buffer overflows and format string vulnerabilities

Bulletin has no description...

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (2)

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String 2 source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the...

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (1)

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String 1 // source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in t...

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (2)

source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some installations, this utility is...

ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (1)

// source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some installations, this utility is...

SUN Answer Book buffer overflow

Buffer overflow in CGI and format string bug in dwhttpd...

CVE-2002-0819

CVE-2002-0819 describes a format-string vulnerability in the artsd component when invoked via artswrapper. The flaw allows local users to gain privileges through improper handling of format strings in the -a argument, leading to privilege escalation via an error message call path to arts_fatal. A...

CVE-2002-0819

Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the artsfatal function...

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String // source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to ...

Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String

// source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to a remotely exploitable format-string...