security flaw

Race condition in the 1 loadelflibrary and 2 binfmtaout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor...

DSA-643-1 queue - buffer overflows

Bulletin has no description...

Debian DSA-643-1 : queue - buffer overflows

'jaguar' of the Debian Security Audit Project has discovered several buffer overflows in queue, a transparent load balancing system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-643. Th...

CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service crash via a SIGCHLD signal during a malloc or free call, which is not re-entrant...

CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service crash via a SIGCHLD signal during a malloc or free call, which is not re-entrant...

CVE-2004-1234

loadelfbinary in Linux before 2.4.26 allows local users to cause a denial of service system crash via an ELF binary in which the interpreter is NULL...

DEBIAN-CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service crash via a SIGCHLD signal during a malloc or free call, which is not re-entrant...

security flaw

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

CVE-2004-0317

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service segmentation fault and possibly execute arbitrary code via a long LSFFromPC parameter...

CVE-2004-0596

The Equalizer Load-balancer for serial network interfaces eql.c in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference...

CVE-2004-0596

The vulnerability CVE-2004-0596 affects the Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7. The root cause is a null dereference triggered when a non-existent device name is used, leading to local denial of service. Affected component: eql.c within...

CVE-2004-0596

The Equalizer Load-balancer for serial network interfaces eql.c in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference...

APSIS Pound Load Balancer Format String Overflow

The remote server is vulnerable to a remote format string bug which can allow remote attackers to gain access to confidential data. Pound versions less than 1.6 are vulnerable to this issue. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12007; scriptversion "1.14";...

Web Server Load Balancer Detection

The remote web server seems to be running in conjunction with several others behind a load balancer. Knowing that there are multiple systems behind a service could be useful to an attacker as the underlying hosts may be running different operating systems, patchlevels, etc. C Tenable Network...

CVE-2004-0317

CVE-2004-0317 affects Load Sharing Facility (LSF) versions 4.x, 5.x, and 6.x. The vulnerability is a buffer overflow in the eauth component triggered by a long LSF_From_PC parameter, allowing local users or attackers within an LSF cluster to cause a denial of service (segmentation fault) and pote...

CVE-2004-0318

CVE-2004-0318 affects Load Sharing Facility (LSF) versions 4.x, 5.x, and 6.x. The vulnerability arises because LSF_EAUTH_UID may be used in place of the real user UID, enabling remote attackers within the local cluster to gain privileges. The underlying issue is the handling of an environment var...

CVE-2004-0317

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service segmentation fault and possibly execute arbitrary code via a long LSFFromPC parameter...

CVE-2004-0318

Load Sharing Facility LSF 4.x, 5.x, and 6.x uses the LSFEAUTHUID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges...

Load Sharing Facility multiple bugs

Code execution, DoS...

Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution

Lam3rZ Security Advisory 1/2004 23 Feb 2004 Remote within a cluster root in LSF Name: Load Sharing Facility versions 4.x, 5.x, 6.x Severity: High Vendor URL: http://www.platform.com Author: Tomasz Grabowski [email protected] Vendor notified: 26 Oct 2003 Vendor confirmed: 27 Oct 2003 Vendor...