374 matches found
CVE-2002-0575
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges...
tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
Overview A vulnerability exists in tcpdump that could allow an attacker to execute arbitrary code with the privileges of tcpdump, typically root. Description tcpdump is a widely-used network sniffer that is capable of decoding AFS traffic. A buffer overflow vulnerability has been discovered in...
OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
You are running a version of OpenSSH older than OpenSSH 3.2.1. A buffer overflow exists in the daemon if AFS is enabled on your system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation...
Ошибки в tcpdump (remote root)
Ошибки в утилите tcpdump FreeBSD 4.x при использовании обработчика пакетов AFS RPC позволяют получить удаленный root в результате срыва стека...
tcpdump vulnerable to buffer overflow via parsing of AFS ACL packets
Overview Tcpdump version 3.5 contains a buffer overflow vulnerability permitting unauthorized remote root access. Description Tcpdump version 3.5 added support for handling AFS packets. Unfortunately the code responsible for printing AFS access control lists contains an unchecked buffer that can ...
CVE-2000-1174
CVE-2000-1174 affects Ethereal (now Wireshark) up to version 0.8.13 and earlier, where multiple buffer overflows in the AFS ACL parser allow remote attackers to execute arbitrary commands by sending a crafted packet with a long username. The flaw is in the parser’s handling of AFS ACL data, enabl...
CVE-2000-1174
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username...
Дырка в tcpdump
Переполнение буфера при декодировании AFS...
CVE-2000-1174
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username...
tcpdump 3.43.5 - AFS ACL Packet Buffer Overflow
tcpdump 3.43.5 - AFS ACL Packet Buffer Overflow / source: https://www.securityfocus.com/bid/1870/info tcpdump is a popular network monitoring tool used for watching network traffic written by the Lawrence Berkeley Laboratory. It must at least begin execution as root since it opens and reads from...
tcpdump 3.4/3.5 - AFS ACL Packet Buffer Overflow
/ source: https://www.securityfocus.com/bid/1870/info tcpdump is a popular network monitoring tool used for watching network traffic written by the Lawrence Berkeley Laboratory. It must at least begin execution as root since it opens and reads from the link layer interface through pcap. It is...
Ethereal - AFS Buffer Overflow
Ethereal - AFS Buffer Overflow / source: https://www.securityfocus.com/bid/1972/info Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code. The problem exists in the AFS packet parsing...
Ethereal - AFS Buffer Overflow
/ source: https://www.securityfocus.com/bid/1972/info Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code. The problem exists in the AFS packet parsing routine. An algorithm string scans...
AFS Client Version Detection
This detects the AFS client version by connecting to the AFS callback port and processing the buffer received. The client version gives potential attackers additional information about the system they are attacking. Versions and types should be ommited where possible. This script was written by...