Important: Red Hat Security Advisory: xemacs security update

Updated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler...

Important: Red Hat Security Advisory: emacs security update

Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler...

Emacs, XEmacs: Format string vulnerabilities in movemail

Background GNU Emacs and XEmacs are highly extensible and customizable text editors. movemail is an Emacs utility that can fetch mail on remote mail servers. Description Max Vozeler discovered that the movemail utility contains several format string errors. Impact An attacker could set up a...

GLSA-200501-11 : Dillo: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200501-11 Dillo: Format string vulnerability Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact : An attacker could craft a malicious web page which, when access...

CVE-2004-1484

The CVE-2004-1484 issue affects socat (1.4.0.3 and earlier). It is a format string vulnerability in the _msg function in error.c that can be triggered when socat is used as an HTTP proxy client with the -ly option, enabling remote attackers (or local users) to execute arbitrary code via format st...

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

CVE-2004-1471

CVE-2004-1471 affects CVS: formats-string vulnerability in wrapper.c remote-code path exploited by wrappers, with CVSROOT commit access allowing DoS (crash) and potential code execution. Affected ranges are CVS 1.12.x up to 1.12.8 and 1.11.x up to 1.11.16. OpenVAS/Nessus entries corroborate multi...

CVE-2004-1469

The CVE-2004-1469 entry covers a format-string vulnerability in SUS (SUS 2.0.2, and other versions before 2.0.6) where a log() call passing a command line argument to syslog can be exploited by a local user to execute arbitrary code. Affected software is SUS; the underlying issue is a faulty form...

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a wrapper line...

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

CVE-2004-1398

CVE-2004-1398 describes a format string vulnerability in prelink.c within kextload on Apple OS X, used by TDIXSupport in Roxio Toast Titanium and possibly other products. The underlying issue arises from format string specifiers in the extension argument, enabling local users to execute arbitrary...

CVE-2004-1398

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument...

security flaw

Format string vulnerability in the movemail utility in 1 Emacs 20.x, 21.3, and possibly other versions, and 2 XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets...

Important: Red Hat Security Advisory: xemacs security update

Updated XEmacs packages that fix a string format issue are now available. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an...

security flaw

Format string vulnerability in the movemail utility in 1 Emacs 20.x, 21.3, and possibly other versions, and 2 XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets...

Important: Red Hat Security Advisory: emacs security update

Updated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an...

CVE-2005-0276

Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service application crash via format string specifiers in 1 the username, 2 cd, 3 delete, 4 rename, 5 rmdir, 6 literal, 7 stat, or 8 CWD commands...

CVE-2005-0312

WarFTPd (WarFTPD) 1.82 RC9/RC11 contains a denial-of-service vulnerability exploitable by a crafted CWD path consisting of a long string of "%s" sequences, potentially indicating a format-string issue. The flaw affects remote authenticated users (NT service context noted for RC9). Public referenc...

CVE-2005-0312

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service access violation via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability...