CVE-2001-0032

Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL...

Дырка в startinnfeed (inn)

Ошибка форматной строки потенциально позволяет члену группы news получить root...

Format string bug in startinnfeed

Description -------------- The 'startinnfeed' binary contains various format string bugs. Most of the command line options passes user given arguments to 'syslog' as format string. For example: paul@ps:/usr/home/paul /usr/lib/news/bin/startinnfeed -a "xxnnnnnnn" segmentation fault...

[SECURITY] [DSA 028-1] New man-db packages released

---------------------------------------------------------------------------- Debian Security Advisory DSA-028-1 [email protected] http://www.debian.org/security/ Martin Schulze February 9, 2001 - ---------------------------------------------------------------------------- Package : man-db...

Response to ProFTPD issues

======= Summary ======= Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in the past month. These issues have been addressed by the ProFTPD core team. The following vulnerabilities are addressed in this advisory: 1. "SIZE memory leak"...

CVE-2001-0032

Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL...

Дырка в man (linux)

Ошиюка форматной строки при разборе агрументов...

SuSe / Debian man package format string vulnerability

Hi, This issue has been discussed in vuln-dev 2001-01-26, see: http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872 4&fromthread=0&start=2001-01-21&threads=1&list=82& Posted also on suse security list, and aparently overlooked. The man package that ships with SuSe Linux at...

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String source: https://www.securityfocus.com/bid/2327/info man is the manual page viewing program, available with the Linux Operating System in this implementation. It is freely distributed and openly maintained. A problem with the man command may allow...

Большие дыры в bind

В BIND 8 удаленное переполнение буфера в в реализации Transaction Signatures TSIG, в BIND 4 ошибка форматной строки...

ISSalert: Internet Security Systems Security Alert: Remote Vulnerabilities in BIND versions 4 and 8

Internet Security Systems Security Alert January 29, 2001 Remote Vulnerabilities in BIND versions 4 and 8 Synopsis: ISS X-Force is aware of several vulnerabilities in current versions of Internet Software Consortiums Berkeley Internet Name Domain BIND. There is a buffer overflow present in BIND...

format string vulnerability in mars_nwe 0.99pl19

Hello, Marsnwe 0.99.pl19 is vulnerable to remote format string vulnerability, allowing to gain superuser privileges from DOS/Windows workstations attached to mars server. Here is the patch: --- tools.c.orig Fri Jan 26 22:46:34 2001 +++ tools.c Fri Jan 26 22:46:59 2001 @@ -189,7 +189,7 @@...

[SECURITY] [DSA-016-3] Correction: New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-3 [email protected] http://www.debian.org/security/ Martin Schulze January 24, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

Icecast utils.c fd_write Function Format String

The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10600; scriptversion...

[SECURITY] [DSA-016-2] Correction: New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-2 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

[SECURITY] [DSA-014-2] Correction: New version of splitvt released

---------------------------------------------------------------------------- Debian Security Advisory DSA-014-2 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...

[SECURITY] [DSA-016-1] New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

[SECURITY] [DSA-014-1] New version of splitvt released

---------------------------------------------------------------------------- Debian Security Advisory DSA-014-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...

WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String

WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode,...

WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String

source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An...