CVE-2001-0032

Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL...

Дырка в man (linux)

Ошиюка форматной строки при разборе агрументов...

SuSe / Debian man package format string vulnerability

Hi, This issue has been discussed in vuln-dev 2001-01-26, see: http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872 4&fromthread=0&start=2001-01-21&threads=1&list=82& Posted also on suse security list, and aparently overlooked. The man package that ships with SuSe Linux at...

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String

Debian 2.2 Su.S.E 6.36.47.0 - man -l Format String source: https://www.securityfocus.com/bid/2327/info man is the manual page viewing program, available with the Linux Operating System in this implementation. It is freely distributed and openly maintained. A problem with the man command may allow...

Большие дыры в bind

В BIND 8 удаленное переполнение буфера в в реализации Transaction Signatures TSIG, в BIND 4 ошибка форматной строки...

ISSalert: Internet Security Systems Security Alert: Remote Vulnerabilities in BIND versions 4 and 8

Internet Security Systems Security Alert January 29, 2001 Remote Vulnerabilities in BIND versions 4 and 8 Synopsis: ISS X-Force is aware of several vulnerabilities in current versions of Internet Software Consortiums Berkeley Internet Name Domain BIND. There is a buffer overflow present in BIND...

format string vulnerability in mars_nwe 0.99pl19

Hello, Marsnwe 0.99.pl19 is vulnerable to remote format string vulnerability, allowing to gain superuser privileges from DOS/Windows workstations attached to mars server. Here is the patch: --- tools.c.orig Fri Jan 26 22:46:34 2001 +++ tools.c Fri Jan 26 22:46:59 2001 @@ -189,7 +189,7 @@...

[SECURITY] [DSA-016-3] Correction: New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-3 [email protected] http://www.debian.org/security/ Martin Schulze January 24, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

Icecast utils.c fd_write Function Format String

The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10600; scriptversion...

[SECURITY] [DSA-016-2] Correction: New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-2 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

[SECURITY] [DSA-014-2] Correction: New version of splitvt released

---------------------------------------------------------------------------- Debian Security Advisory DSA-014-2 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...

[SECURITY] [DSA-016-1] New version of wu-ftpd released

---------------------------------------------------------------------------- Debian Security Advisory DSA-016-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...

[SECURITY] [DSA-014-1] New version of splitvt released

---------------------------------------------------------------------------- Debian Security Advisory DSA-014-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt...

WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String

WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode,...

WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String

source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An...

CVE-2000-0901

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...

CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...

CVE-2000-0994

Format string vulnerability in OpenBSD fstat program and possibly other BSD-based operating systems allows local users to gain root privileges via the PWD environmental variable...

CVE-2000-0996

CVE-2000-0996: A format-string vulnerability in the OpenBSD su utility (and possibly other BSD-based OSes) allows a local attacker to gain root privileges via a malformed shell. The issue is described in the NVD entry with a CVSS v2 base score of 7.2 (HIGH) and LOCAL, LOW–complexity conditions, e...

CVE-2000-0993

Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...