Дырка в catopen (libc)

В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...

Unixware SCOhelp http server format string vulnerability

CORE SDI Inc. http://www.core-sdi.com Unixware SCOhelp http server format string vulnerability Date Published: 09/27/00 Advisory ID: CORE-092700 Bugtraq ID: 1717 CVE CAN: None currently assigned. Title: Unixware SCOhelp http server format string vulnerability Class: Input validation error Remotel...

Unixware 7.0 - SCOhelp HTTP Server Format String

Unixware 7.0 - SCOhelp HTTP Server Format String source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided fo...

Format strings: bug #2: LPRng

Hi, SUMMARY ------- LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details ------- Here is a code excerpt from:...

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (2)

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite 2 // source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a...

Дырки в LPR-утилитах BSD

Ошибка форматной строки...

Дырка в klogd

Ошибка форматной строки позволяет получить привилегии root...

CVE-2000-0701

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges...

Дырка в kvt

Ошибка форматной строки при разборе имени дисплея...

Дырка в agetty

Ошибка форматной строки в режиме отладки при разборе аргументов...

format string bug in muh

Hi, muh is an IRC bouncer, a program that will allow you to use any host you have a shell on as a relay between you and IRC. Moreover, muh stays connected when you are not, and can log any message you receive. The muh official homepage is : http://mind.riot.org/muh/. The latest version, 2.05d and...

Solaris 2.6/7.0 'eject' locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

Solaris 2.67.0 eject locale - Subsystem Format String

Solaris 2.67.0 eject locale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...

RedHat 6 GLIBClocale - Subsystem Format String

RedHat 6 GLIBClocale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...

Screen-3.7.6 local compromise

Hi ppl, as mentioned in other postings the screen package is vulnerbale to the classic format string attack. I attached a simple exploit and as far as I could investigate on Suse 6.1 with screen 3.7.6: the vulnerable function is Msgint err, char fmt, ... which is invoked with the value of the...

RedHat 6 GLIBC/locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to t...

UNIX locale format string vulnerability

CORE SDI http://www.core-sdi.com UNIX locale format string vulnerability Date Published: September 4th, 2000 early release Advisory ID: CORE-090400 Bugtraq ID: 1634 CVE CAN: None currently assigned. Title: UNIX locale format string vulnerability Class: Input Validation Error Remotely Exploitable:...

Juergen Weigert screen 3.9 - User Supplied Format String

// source: https://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the variable which stores the user i...

Juergen Weigert screen 3.9 - User Supplied Format String

Juergen Weigert screen 3.9 - User Supplied Format String // source: https://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to...

[SECURITY] new version of screen released

Package: screen Vulnerability: local exploit Debian-specific: no A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. Debian 2.1 slink did ship screen setuid and the exploit can be used to gain root privilages. In Debian 2.2 pota...