2464 matches found
FreeBSD Security Advisory (FreeBSD-SA-06:13.sendmail.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:13.sendmail.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (spoof on ircd)
No description provided by source. / h0dnsspoof.c - zmda - [email protected] - spoof dns on ircd's using the h0dns code - spoof dns on anything using the adns asynchronous dns resolver code - The bug: - Static source port used by the adns code - Sequential DNS ids in request packets - Initiate...
CVE-2008-2812
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service system crash or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in 1 hamradio/6pack.c, 2 hamradio/mkiss.c, 3...
kernel asynchronous IO on a FIFO kernel panic
Linux kernel before 2.4.21 allows local users to cause a denial of service kernel panic via asynchronous input or output on a FIFO special file...
Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net
On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...
[SECURITY] Fedora 7 Update: c-ares-1.4.0-1.fc7
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net
On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...
[SECURITY] Fedora Core 6 Update: libsoup-2.2.99-1.fc6
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Backup implementation
Organization Backup I. Intro Let's start by cramming terms and definitions. Backup backup, b4kup or in the common folk backup we will call an asynchronous, in relation to modification, process of creating a copy of stored information data, which allows you to restore the previous state of the dat...
Debian DSA-1015-1 : sendmail - programming error
Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker to exploit a race condition to execute arbitrary code as root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
CVE-2006-3393
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service CPU consumption by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket...
CVE-2006-3393
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service CPU consumption by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket...
PAJAX < 0.5.2 Multiple Vulnerabilities
The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...
Fedora Core 5 : sendmail-8.13.6-0.FC5.1 (2006-193)
Fixes CVE-2006-0058 : A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable h...
GLSA-200603-21 : Sendmail: Race condition in the handling of asynchronous signals
The remote host is affected by the vulnerability described in GLSA-200603-21 Sendmail: Race condition in the handling of asynchronous signals ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact : An attacker could exploit this via certain...
DSA-1015-1 sendmail - programming error
Bulletin has no description...
FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:13.sendmail Security Advisory The FreeBSD Project Topic: Race condition in sendmail Category: contrib Module: contribsendmail Announced: 2006-03-22 Affects: Al...
Linux Kernel PPC64/IA64 (AIO) Local Denial of Service Exploit
Exploit for linux platform in category dos / poc ============================================================= Linux Kernel PPC64/IA64 AIO Local Denial of Service Exploit ============================================================= // // Proof of Concept by Daniel McNeil // compile using cc -o...
CVE-1999-1214
The CVE-1999-1214 issue affects the 4.4 BSD kernel’s asynchronous I/O facility. It does not validate credentials when setting the recipient of I/O notification, allowing a local user to trigger a signal to an arbitrary process ID via specific ioctl/fcntl calls, causing a denial of service. The do...
Проблема с асинхронным вводом/выводом в FreeBSD (privelege escalation)
Результат отложенной процедуры после exec может переписать память suid-процесса...