1419 matches found
Много дырок в ssh (ssh1, ssh2, openssh)
Проблемы с перезаписью памяти, проблемы с обменом ключей, позволяющие перехватить сеансовый ключ...
[NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability
NSI Rwhoisd another Remote Format String Vulnerability Release infomation ------------------ Release Date: 2001-11-22 Author: By NetGuard Security Team alert7 [email protected] Homepage: http://www.netguard.com.cn/ Description ----------- Rwhoisd is a publicly available RWHOIS server daemon...
NSI RWhoisd contains format string vulnerability in print_error()
Overview A remotely exploitable format string vulnerability exists in the Referral Whois server daemon RWhoisd. Description As the Internet has grown, the centralized whois database was not able to scale. In order to deal with scaling the whois system, Referral Whois was developed. Referral Whois...
CVE-2001-1009
Fetchmail aka fetchmail-ssl before 5.8.17 allows a remote malicious 1 IMAP server or 2 POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request...
Fetchmail 5.x - POP3 Reply Signed Integer Index
Fetchmail 5.x - POP3 Reply Signed Integer Index // source: https://www.securityfocus.com/bid/3164/info Fetchmail is a unix utility for downloading email from mail servers via POP3. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The...
Fetchmail 5.x - IMAP Reply Signed Integer Index
Fetchmail 5.x - IMAP Reply Signed Integer Index // source: https://www.securityfocus.com/bid/3166/info Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. Th...
Fetchmail 5.x - POP3 Reply Signed Integer Index
// source: https://www.securityfocus.com/bid/3164/info Fetchmail is a unix utility for downloading email from mail servers via POP3. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a remotely...
Fetchmail 5.x - IMAP Reply Signed Integer Index
// source: https://www.securityfocus.com/bid/3166/info Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a...
CFINGERD remote vulnerability
Hi Following the recent habits, I break the advisory into 4 parts: OVERVIEW: --------- There is a critical bug in cfingerd daemon = 1.4.3, a classic format bug that makes possible to acquire full control over the remote machine if it runs the cfingerd program, the configurable and secure finger...
SCO 5.0.6 issues (lpusers)
====================================================================== Strategic Reconnaissance Team Security AdvisorySRT2001-05 Topic: SCO 5.0.6 issues lpusers Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO OpenServer...
Локальная дырка в Sendmail (sendmail -bt)
Отрицательный индекс массива позволяет переписать область памяти...
[SECURITY] [DSA 027-1] New OpenSSH packages released
---------------------------------------------------------------------------- Debian Security Advisory DSA-027-1 [email protected] http://www.debian.org/security/ Martin Schulze February 8, 2001 - ---------------------------------------------------------------------------- Package : openssh...
Icecast 1.3.71.3.8 - print_client() Format String
Icecast 1.3.71.3.8 - printclient Format String // source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memo...
Icecast 1.3.7/1.3.8 - 'print_client()' Format String
// source: https://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memory at possibly arbitrary addresses. Exploits...
tinyproxy tinyproxy 1.3.2/1.3.3 - Remote Heap Overflow
// source: https://www.securityfocus.com/bid/2217/info Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, exhibit a vulnerability to heap overflow attacks. A failure to properly validate user-supplied input which arguments a call to sprintf can allow unexpectedly large amounts of input to...
Дырка в traceroute
Используется функция free с невыделенным фрагментом памяти. Потенциально это позволяет переписать часть данных в стеке процесса...
Linux Kernel 2.02.12.2 - autofs Denial of Service
Linux Kernel 2.02.12.2 - autofs Denial of Service source: https://www.securityfocus.com/bid/312/info The autofs module provides support for the automount filesystem, as well as the interface between the kernel and the automountd daemon, which is responsible for the actual mounting. Calls such as...
Solaris 2.5.1 - chkey Local Privilege Escalation
Solaris 2.5.1 - chkey Local Privilege Escalation / source: https://www.securityfocus.com/bid/207/info The chkey program is used to change a users secure RPC Diffie-Hellman public key and secret key pair. A buffer overflow condition has been found in the chkey program. Since chkey has setuid root...
Solaris 2.5.1 - 'chkey' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/207/info The chkey program is used to change a users secure RPC Diffie-Hellman public key and secret key pair. A buffer overflow condition has been found in the chkey program. Since chkey has setuid root permissions, an unauthorized user may be able to...