Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String

/ courier-imap = 3.0.2-r1 Remote Format String Vulnerability exploit Author: ktha at hush dot com Tested on FreeBSD 4.10-RELEASE with courier-imap-3.0.2 Special thanks goes to andrewg for providing the FreeBSD box. Greetings: all the guys from irc pulltheplug com and irc netric org bash-2.05b$...

CVE-2003-0081

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers...

CVE-2003-0969

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability...

CVE-2004-0159

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command...

CVE-2003-0081

CVE-2003-0081 affects Ethereal (packet analyzer) with a format string vulnerability in the SOCKS dissector, impacting Ethereal 0.8.7–0.9.9. Remote attackers could execute arbitrary code by sending crafted SOCKS packets. Debian, Red Hat, Mandrake/Mandriva, SUSE and other advisories reference this ...

CVE-2004-0159

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and potentially execute arbitrary code via file names crafted to trigger unsafe handling during directory listings. Debian’s DSA-447-1 confirms the fix is to upgrade hsftp (current patched ver...

CVE-2003-0969

The CVE-2003-0969 entry concerns mpg321, affected in version 0.2.10, where a format-string vulnerability could allow remote attackers to overwrite memory or execute code by feeding specially crafted MP3 data that causes unsafe printf usage. Impact is potential arbitrary code execution; exploitati...

CVE-2003-0103

CVE-2003-0103 describes a format-string vulnerability in the Nokia 6210 handset. A crafted Multi-Part vCard containing many format specifiers can cause a remote denial of service (crash, lockup, or restart). The initial sources identify the impacted device and the vulnerability class, but do not ...

CVE-2001-0792

CVE-2001-0792 describes a format-string vulnerability in XChat 1.2.x that lets remote attackers execute arbitrary code via a malformed nickname. The provided documents identify the affected product as XChat 1.2.x and classify the issue as a remote, unauthenticated vector with potential for arbitr...

CVE-2002-0842

CVE-2002-0842 is a format-string vulnerability in Oracle’s mod_dav extension (used for logging gateway errors) that could enable remote code execution via a crafted destination URI triggering a 502 Bad Gateway. The vulnerability affects Oracle9i Application Server 9.0.2 (and related mod_dav code ...

CVE-2002-1519

The CVE-2002-1519 entry describes a format-string vulnerability in the CLI interface of WatchGuard Firebox Vclass (3.2 and earlier) and RSSA Appliance 3.0.2. The issue arises from format string specifiers in the password parameter, allowing remote attackers to trigger denial of service and potent...

CVE-2004-0165

Format string vulnerability in Point-to-Point Protocol PPP daemon pppd 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges...

CVE-2002-0842

Format string vulnerability in certain third party modifications to moddav for logging bad gateway messages e.g. Oracle9i Application Server 9.0.2 allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string...

CVE-2003-0103

Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service crash, lockup, or restart via a Multi-Part vCard with fields containing a large number of format string specifiers...

CVE-2002-1381

Exim contains a format string vulnerability in daemon.c that affects Exim 4.x up to 4.10 and 3.x up to 3.36. The root cause is a format string flaw that allows an administrator (local) to execute arbitrary code by modifying the pid_file_path value. The connected records confirm the affected versi...

CVE-2001-1081

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages...

CVE-2004-0165

The Mac OS X PPP daemon (pppd) 2.4.0 on Mac OS X ≤10.3.2 is affected by a format-string vulnerability in option_error() that can cause vslprintf() to leak data from the pppd process, potentially exposing PAP/CHAP credentials. This may enable reading arbitrary pppd data when the service is used as...

CVE-2003-0969

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability...

CVE-2002-1244

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command...

vpopmail: Multiple vulnerabilities

Background vpopmail handles virtual mail domains for qmail and Postfix. Description vpopmail is vulnerable to several unspecified SQL injection exploits. Furthermore when using Sybase as the backend database vpopmail is vulnerable to a buffer overflow and format string exploit. Impact These...