[SECURITY] New version of proftpd fixes remote exploits

------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman November 11, 1999 - ------------------------------------------------------------------------ The proftpd version that was...

windows_phonedialer_bof.txt

Subject: Alert: Microsoft's Phone Dialer contains a buffer overrun that allows execution of arbitary code To: [email protected] Microsoft's Phone Dialer on Windows NT 4 all service packs contains a buffer overrun vulnerability that allows an attacker to run arbitary code in another user's...

vmware.bof.txt

Date: Fri, 25 Jun 1999 19:18:35 -0700 From: Jason R. Rhoads To: [email protected] Subject: VMware Security Alert "On June 22nd, 1999, VMware, Inc. was notified of a security problem with VMware for Linux 1.0.1. This security hole is also present in all previous versions of VMware for Linux. Th...

irixat.txt

Date: Fri, 3 Jul 1998 22:14:14 +0200 From: "J.A. Gutierrez" Subject: more about 'at' I've tried the trick from NetBSD Security Advisory 1998-004 on an IRIX 6.2 host, and it seems it works too. $ at -f /etc/shadow now + 1 minute - shadow is mailed to user: 'at' is: f 23947 91...

eggdrop137.txt

Date: Wed, 15 Jul 1998 01:03:39 +0200 From: Paul Boehm Subject: eggdrop1.3.17 security Hi, i played around with eggdrop 1.3.17 and looked at it's source searching for security flaws, and found quit a lot of them... most likely there are more of them... Summary: =2E i didn't find any bugs useable...

ms.winhelp.exploit.txt

Date: Mon, 24 May 1999 07:18:23 +0100 From: Mnemonix To: [email protected] Subject: Exploit and Analysis of the Winhlp32.exe buffer overrun. Analysis of the winhlp32.exe buffer overrun. The buffer overrun in winhlp32.exe occurs when it attempts to read a cnt file with an overly lon...

libc.nul.byte.txt

Date: Wed, 14 Oct 1998 11:42:46 +0200 From: Olaf Kirch To: [email protected] Subject: The poisoned NUL byte Summary: you can exploit a single-byte buffer overrun to gain root privs. When, half a day after releasing version 2.2beta37 of the Linux nfs server, I received a message from Larry...

ntbufferoverruns.txt

Exploiting Windows NT 4 Buffer Overruns A Case Study: RASMAN.EXE Introduction This document is for educational purposes only and explains what a buffer overrun is and shows how they can be exploited on the Windows NT 4 operating system using RASMAN.EXE as a case study. We will take a look at...

Solaris 7.0 - cancel Local Privilege Escalation

Solaris 7.0 - cancel Local Privilege Escalation / source: https://www.securityfocus.com/bid/293/info A buffer overrun condition was discovered in Solaris 2.6 X86 in /usr/bin/cancel. This buffer overflow is apparently present in the SPARC version as well although it is thought to be unexploitable...

RedHat Linux 4.2 SGI IRIX 6.3 Solaris 2.6 - mailx (2)

RedHat Linux 4.2 SGI IRIX 6.3 Solaris 2.6 - mailx 2 // source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the...

RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (2)

// source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, an attacker can use it to execua...

RedHat Linux 4.2 SGI IRIX 6.3 Solaris 2.6 - mailx (1)

RedHat Linux 4.2 SGI IRIX 6.3 Solaris 2.6 - mailx 1 // source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the...

RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (1)

// source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, an attacker can use it to execua...

[SECURITY] New versions of samba fixes buffer overrun

We have received reports that the samba package as shipped with Debian is vulnerable to several buffer overrun problems aka exploits. The samba group has released a patch release 1.9.18p6 that fixes these. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the...

[SECURITY] New versions of samba fixes buffer overrun

We have received reports that the samba package as shipped with Debian is vulnerable to several buffer overrun problems aka exploits. The samba group has released a patch release 1.9.18p6 that fixes these. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the...

Elm 2.32.4 - TERM Environment Variable Local Buffer Overrun

Elm 2.32.4 - TERM Environment Variable Local Buffer Overrun source: https://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer...

Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun

source: https://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment variable containing excessive data...

FreeBSD-SA-96:21.talkd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:21 Security Advisory FreeBSD, Inc. Topic: unauthorized access via buffer overrun in talkd Category: core Module: talkd Announced: 1997-01-18 Affects: 1.0, 1.1, 2.1.0,...

BSDOS 2.1 FreeBSD 2.1.5 NeXTstep 4.x IRIX 6.4 SunOS 4.1.34.1.4 - lpr Buffer Overrun (1)

BSDOS 2.1 FreeBSD 2.1.5 NeXTstep 4.x IRIX 6.4 SunOS 4.1.34.1.4 - lpr Buffer Overrun 1 / source: https://www.securityfocus.com/bid/707/info BSD/OS 2.1,FreeBSD 2.1.5,NeXTstep 4.0/4.1,SGI IRIX 6.4,SunOS 4.1.3/4.1.4 lpr Buffer Overrun Vulnerability 1 Due to insufficient bounds checking on arguments i...

BSDOS 2.1 FreeBSD 2.1.5 NeXTstep 4.x IRIX 6.4 SunOS 4.1.34.1.4 - usrbinlpr Buffer Overrun Privilege Escalation (2)

BSDOS 2.1 FreeBSD 2.1.5 NeXTstep 4.x IRIX 6.4 SunOS 4.1.34.1.4 - usrbinlpr Buffer Overrun Privilege Escalation 2 / source: https://www.securityfocus.com/bid/707/info Due to insufficient bounds checking on arguments in this case -C which are supplied by users, it is possible to overwrite the...