4561 matches found
ssmtp insecure file creation
Hi, ssmtp 2.50.6 creates a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissions of the ssmtp program, normally root. The vulnerable call is in logevent. logevent vulnerable call: #ifdef LOGFILE if((fp = fopen("/tmp/ssmtp.log", "a")) !...
[Full-Disclosure] Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate
Hi, during evaluation of Symantec AntiVirus Scan Engine for Red Hat Linux (file: ScanEngine430-RedHat-1.zip) we found a race condition using the default configuration. As written in "ImplementationGuide.pdf" on page 134, LiveUpdate can be triggered by cron via a shell script:...
CVE-2003-0812
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API...
Vulnerabilities in Easy File Sharing Web Server (1.2 NEW).
Vulnerabilities in Easy File Sharing Web Server 1.2 NEW. Vendor: www.sharing-file.com; Version: 1.2 new; Date: Sep 22, 2003; Size: 2115KB; Mini-description: "Easy File Sharing Web Server contains several built-in systems including HTTP Web Server, multi-threads database...
CVE-2002-0678
CVE-2002-0678 relates to the CDE ToolTalk RPC database server (rpc.ttdbserverd). The OpenVAS/CERT CORE disclosures describe two vulnerabilities: (1) _TT_ISCLOSE range-check flaw permitting memory overwriting of the process when a local or remote client calls _TT_ISCLOSE; (2) _TT_TRANSACTION/log_f...
Important: Red Hat Security Advisory: apache, openssl, php security update for Stronghold
Updated versions of Stronghold 3.0 are available to fix a number of vulnerabilities in OpenSSL, Apache, and PHP. Stronghold 3.0 contains a number of open source technologies such as OpenSSL, Apache, and PHP. The following paragraphs describe a number of issues that have been found in versions of...
Apache descriptor leakage
A few descriptors, including the descriptor to the log file, are leaked on CGI application execution...
CVE-2002-1508
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests...
CVE-2002-1508
CVE-2002-1508 affects OpenLDAP2 (OpenLDAP 2) where the slapd service on version 2.2.0 and earlier is vulnerable to a race condition that can allow a local user to overwrite arbitrary files during the creation of a log file for rejected replication requests. The vulnerability is rooted in how the ...
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...
CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running...
CVE-2002-1869
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 do not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer...
CVE-2002-2187
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact...
CVE-2002-2051
The processorweb plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file...
PT-2002-2779 · Teekai · Teekai Tracking Online
Name of the Vulnerable Software and Affected Versions: TeeKai Tracking Online version 1.0. Description: The issue concerns the weak encryption of web usage statistics stored in the data/userlog/log.txt file. This weakness allows remote attackers to identify the IP addresses of visitors to the site...
PT-2002-2591 · Heysoft +1 · Heysoft Eventsave +1
Name of the Vulnerable Software and Affected Versions: Heysoft EventSave versions 5.1 through 5.2; Heysoft EventSave+ versions 5.1 through 5.2. Description: The issue allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer...
Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client
Overview: iPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1 SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description: Requests made to web servers are routinely logged by the web serve...
Moderate: Red Hat Security Advisory: webalizer security update
Updated Webalizer packages are available for Red Hat Linux Advanced Server 2.1 which fix an obscure buffer overflow bug in the DNS resolver code. Updated 13 Jan 2003: Added fixed packages for the Itanium (IA64) architecture. Updated 06 Feb 2003: Added fixed packages for Advanced Workstation 2.1...
TCP flood against NetGear FM114P
Hi! I've got a lot of availability trouble with my NetGear FM114P. After asking support and getting no good answer, I started doing some tests myself. It seems possible to crash the NetGear FM114P with many TCP connects. I did some tests on my FM114P (firmware Version 1.3 Release 05) and these are th...