Lucene search
K

1662 matches found

securityvulns
securityvulns
added 2001/01/29 12:0 a.m.19 views

Дырка в Mars_nwe

Ошибка форматной строки при вызове syslog...

0.4AI score
Exploits0References1Affected Software1
FreeBSD Advisory
FreeBSD Advisory
added 2001/01/15 12:0 a.m.5 views

FreeBSD-SA-01:02.syslog-ng

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:02 Security Advisory FreeBSD, Inc. Topic: syslog-ng remote denial-of-service Category: ports Module: syslog-ng Announced: 2001-01-15 Credits: Balazs Scheidler Affects:...

5.8AI score
Exploits0
Exploit DB
Exploit DB
added 2001/01/03 12:0 a.m.46 views

ml2 - Local users can Crash processes

include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat", argv1; while accessfoo, FOK == 0 s =...

7.4AI score
Exploits0
Debian
Debian
added 2000/12/25 2:21 a.m.12 views

[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities

Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2000/12/19 12:0 a.m.22 views

Stunnel format bug

Macaroon Advisory Hi, ppl We have recently discovered a format bug in stunnel= 3.8 in which the log function calls directly the syslog with only two parameters: sysloglevel, text. It should be sysloglevel, "s", text. If a user can pass any string that is written to the log file, he can exploit th...

7AI score
Exploits0
CERT
CERT
added 2000/12/04 12:0 a.m.30 views

LPRng can pass user-supplied input as a format string parameter to syslog() calls

Overview A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect known as a "format string vulnerability" which may allow remote users to execute arbitrary code on vulnerable systems. The privileges of such code will probably be...

10CVSS7.1AI score0.78658EPSS
Exploits4References17
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.21 views

DoS possibility in syslog-ng

BalaBit security advisory Advisory ID: BB-2000/01 Package: syslog-ng Versions affected: versions prior to and including 1.4.8 Problem type: remote DoS attack Date: 2000-11-22 1 Background syslog-ng is a portable syslog implementation. Its highlights include regexp based log selection, TCP transpo...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.35 views

DoS против syslog-ng

Определенная комбинация символов приводи к краху сервиса...

0.4AI score
Exploits0References1Affected Software1
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0583

CVE-2000-0583 affects the vpopmail package: the vchkpw program (versions prior to 4.8) fails to properly cleanse an untrusted format string in a syslog call, enabling remote users to trigger a denial of service by sending a USER or PASS command containing formatting directives. The remediation is...

5CVSS7AI score0.01671EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2000/09/26 12:0 a.m.29 views

Format strings: bug #2: LPRng

Hi, SUMMARY ------- LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details ------- Here is a code excerpt from:...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/09/26 12:0 a.m.32 views

Format strings: bug #1: BSD-lpr

Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...

Exploits0
Packet Storm
Packet Storm
added 2000/09/13 12:0 a.m.42 views

irix.telnetd.txt

We've found a very severe vulnerability in the IRIX telnetd service that upon successful exploitation can give remote root access to any IRIX 6.2-6.5.8m,f system. The bug discussed here appeared in IRIX 5.2-6.1 systems and was the result of SGI efforts to patch a security vulnerability reported b...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2000/08/01 12:0 a.m.38 views

Conectiva 4.x/5.x / Debian 2.x / RedHat 6.x / S.u.S.E 6.x/7.0 / Trustix 1.x - rpc.statd Remote Format String (2)

// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog' function, a remote...

7.4AI score
Exploits0
NVD
NVD
added 2000/06/30 4:0 a.m.17 views

CVE-2000-0583

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives...

5CVSS7AI score0.01671EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2000/06/30 12:0 a.m.5 views

PT-2000-1517 · Vpopmail · Vpopmail

Name of the Vulnerable Software and Affected Versions: vpopmail versions prior to 4.8 Description: The issue is related to the vchkpw program in vpopmail, which does not properly cleanse an untrusted format string used in a call to syslog. This allows remote attackers to cause a denial of service...

5CVSS6.9AI score0.01671EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2000/04/07 12:0 a.m.30 views

fcheck.txt

The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.36 views

CVE-1999-0171

Denial of service in syslog by sending it a large number of superfluous messages...

6.6AI score0.00368EPSS
Exploits0References1
CVE
CVE
added 2000/02/04 5:0 a.m.54 views

CVE-1999-0171

The CVE-1999-0171 issue is described in multiple connected sources as a denial-of-service in syslogd (notably on IRIX). SGI’s advisory attributes a buffer overrun in the syslogd binary that can crash the service, potentially enabling remote exploitation and DoS. The advisory states this vulnerabi...

2.1CVSS6.8AI score0.00368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.33 views

CVE-1999-0381

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access...

7.1AI score0.00727EPSS
Exploits0References2
CVE
CVE
added 1999/09/29 4:0 a.m.61 views

CVE-1999-0566

Affected software: SGI IRIX syslogd (remote logging daemon). Root cause / vulnerability type: remote buffer overflow in syslogd that can be triggered to crash or potentially execute code. Impact: denial of service (crash) and possible arbitrary code execution with syslogd privileges. Exploitation...

5CVSS6.7AI score0.01348EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder