8515 matches found
UPDATE: Format String Vulnerability in Valve's CS-Source
Hi, I just found out that you can also use it remotely against the server without any knowledge of the rcon-password! Just do the following: type 'name "n"' without ' to console and wait until you get killed. The server will be killed,...
Apache mod_ssl format string bug
Format string bug if mod_ssl is used in conjunction with mod_proxy for SSL proxying https://foos.example.com/...
CVE-2005-0188
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log...
In-game format string in Judge Dredd vs. Death 1.01
Luigi Auriemma Application: Judge Dredd: Dredd vs. Death http://www.dreddvsdeath.com Versions: = 1.01 Platforms: Windows Bug: format string Exploitation: remote, versus server in-game Date: 02 October 2004 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1...
Debian DSA-098-1 : libgtop - format string vulnerability and buffer overflow
Two different problems were found in libgtop-daemon: - The laboratory intexxia found a format string problem in the logging code from libgtop_daemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. - Flavio Veloso found a buff...
Debian DSA-370-1 : pam-pgsql - format string
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication...
Debian DSA-524-1 : rlpr - several vulnerabilities
discovered a format string vulnerability in rlpr, a utility for lpd printing without using /etc/printcap. While investigating this vulnerability, a buffer overflow was also discovered in related code. By exploiting one of these vulnerabilities, a local or remote user could potentially cause...
Debian DSA-277-1 : apcupsd - buffer overflows, format string
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.
Debian DSA-487-1 : neon - format string
Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.
Debian DSA-139-1 : super - format string vulnerability
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program sudo. Exploiting this format string vulnerability a local user can gain unauthorized roo...
Debian DSA-447-1 : hsftp - format string
Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in hsftp. This vulnerability could be exploited by an attacker able to create files on a remote server with carefully crafted names, to which a user would connect using hsftp. When the user requests a...
Debian DSA-529-1 : netkit-telnet-ssl - format string
'b0f' discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default).
Debian DSA-513-1 : log2mail - format string
[email protected] discovered a format string vulnerability in log2mail, whereby a user able to log a specially crafted message to a logfile monitored by log2mail (for example, via syslog) could cause arbitrary code to be executed with the privileges of the log2mail process. By default, this...
Debian DSA-449-1 : metamail - buffer overflow, format string bugs
Ulf Harnhammar discovered two format string bugs (CAN-2004-0104) and two buffer overflow bugs (CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail...
Debian DSA-016-3 : wu-ftpd - temp file creation and format string
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.
Debian DSA-485-1 : ssmtp - format string
Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the...
Debian DSA-085-1 : nvi - Format string vulnerability
Takeshi Uno found a very stupid format string vulnerability in all versions of nvi, in both the plain and the multilingualized version. When a filename is saved, it ought to get displayed on the screen. The routine handling this didn't escape format strings.
Debian DSA-468-1 : emil - several vulnerabilities
Ulf Harnhammar discovered a number of vulnerabilities in emil, a filter for converting Internet mail messages. The vulnerabilities fall into two categories: - CAN-2004-0152 Buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) the decode_uuencode function. These bugs cou...
Debian DSA-522-1 : super - format string vulnerability
Max Vozeler discovered a format string vulnerability in super, a program to allow specified users to execute commands with root privileges. This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
Two vulnerabilities were discovered in libapache-mod-ssl: - CAN-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...