Two more exploitable holes in the trillian irc module
Sent the following advisory to trillian: Tue, 16 Jul 2002 16:49:19 -0400 EDT Submitted by : Josh [email protected], omega [email protected] on July 16th, 2002 Vulnerability : Format strings bug and buffer overflow in the IRC client of Trillian Tested On : Trillian v0.73,0.72 Remote : Yes Gree...
Progress Database PROMSGS Format strings issue.
Well once again I have found yet another Progress database issue. The PROMSGS has been looked at one time already for buffer overflows. It was supposed to be fixed. I was poking around at it today and noticed these format strings issues... PROGRESS Version 9.1C as of Thu Jun 7 10:03:59 EDT 2001...
"at" is vulnerable on Solaris 7 and 8
We found that "at" in Solaris is vulnerable on Solaris 7 and 8. The kind of bug is discussed on Bugtraq id 1634 -- Generally a program that needs to display a message to the user will obtain the proper language specific string from the database using the original message as the search key and...
ssldump 0.9 b1 - Format String
source: https://www.securityfocus.com/bid/2096/info ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A problem exists which could allow the arbitrary execution of code. The problem exists in the ssldump handling of format...
Solaris locale Format Strings (noexec stack) Exploit
Exploit for solaris platform in category local exploits ==================================================== Solaris locale Format Strings noexec stack Exploit ==================================================== / exploit for locale subsystem format strings bug In Solaris with noexec stack. Test...
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow
/ exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it won't work, try adjusting the retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks to Ivan Arce who found this bug...
BFTPd - vsprintf() Format Strings
BFTPd - vsprintf Format Strings / Copyright (c) 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...
CVE-2000-0867
Kernel logging daemon klogd in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages...
Holes in nap (format string)
Format string errors allow a DoS attack and, potentially, code execution...
David Bagley xlock 4.16 - User Supplied Format String (2)
David Bagley xlock 4.16 - User Supplied Format String 2 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...
CVE-2000-0857
The CVE concerns muh 2.05d IRC server where the logging capability does not properly cleanse user-injected format strings. Root cause: improper handling of format strings in nicknames, enabling remote attackers to cause a denial of service and potentially execute arbitrary commands through a malf...
CVE-2000-0666
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges...
CVE-2000-0763
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option...
CVE-2000-0763
CVE-2000-0763 concerns xlockmore and xlockf, where improper cleansing of user-supplied format strings can enable local users to gain root privileges through the -d option. The NVD entry confirms the impact as local privilege escalation with complete confidentiality, integrity, and availability im...
CVE-2000-0751
The CVE-2000-0751 issue concerns mopd (Maintenance Operations Protocol loader daemon) that fails to properly cleanse user-supplied format strings, enabling remote attackers to execute arbitrary commands. The vulnerability is described as a format-string vulnerability in mopd, with potential for a...
AOL Instant Messenger DoS
AOL Instant Messenger version 4.1.2010 (others?) appears to be vulnerable to a DoS attack when handling file transfers with filenames containing %s. The problem I encountered is that trying to send a file to crash my victim's client would cause my client to crash first, defeating the purpose. To get...
Format strings: bug #1: BSD-lpr
Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...
David Bagley xlock 4.16 - User Supplied Format String (1)
David Bagley xlock 4.16 - User Supplied Format String 1 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...