256 matches found
FreeBSD-SA-01:34.hylafax
FreeBSD-SA-01:34 Security Advisory FreeBSD, Inc. Topic: hylafax contains local compromise Category: ports Module: hylafax Announced: 2001-04-23 Credits: Marcin Dawcewicz Affects: Ports...
cfingerd 1.4 - Format String (2)
// source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of users of the service. If an...
cfingerd 1.4 - Format String (2)
cfingerd 1.4 - Format String 2 // source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of...
cfingerd 1.4 - Format String (1)
cfingerd 1.4 - Format String 1 source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of...
another format string bug
There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...
Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv
Abstract: There are 3 major bugs in the current IRCd distribution as used on the IRCnet for example. The included service daemon 'tkserv' tkserv.c v1.3.0 and all previous versions suffers from: a remote exploitable buffer overflow while querying tklines b memory leak due to strdup'ing...
NT drivers are potentially vulnerable to format string bug
Many NT drivers are potentially vulnerable to "format string bug". The problem is concerned with the DbgPrint function that is used for debug messages. Some drivers, instead of calling this function directly, use additional intermediate functions. Those functions add a prefix to an outputted string,...
Format string bug in startinnfeed
Description: The 'startinnfeed' binary contains various format string bugs. Most of the command line options pass user given arguments to 'syslog' as format string. For example: paul@ps:/usr/home/paul /usr/lib/news/bin/startinnfeed -a "xxnnnnnnn" segmentation fault...
[SECURITY] [DSA-016-1] New version of wu-ftpd released
Debian Security Advisory DSA-016-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 Package : wu-ftpd...
[SECURITY] New version of Debian php4 packages released (updated)
Package: php4 Vulnerability: possible remote exploit Debian-specific: no Vulnerable: yes Updated version: corrected URLs In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the...
[RHSA-2000:066-03] lpr has a format string security bug, LPRng compat issues, and a race cond.
Red Hat, Inc. Security Advisory Synopsis: lpr has a format string security bug, LPRng compat issues, and a race cond. Advisory ID: RHSA-2000:066-03 Issue date: 2000-09-25 Updated on: 2000-10-04 Product: Red Hat Linux Keywords:...
Format strings: bug #2: LPRng
Hi, SUMMARY: LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details: Here is a code excerpt from:...
format string bug in muh
Hi, muh is an IRC bouncer, a program that will allow you to use any host you have a shell on as a relay between you and IRC. Moreover, muh stays connected when you are not, and can log any message you receive. The muh official homepage is : http://mind.riot.org/muh/. The latest version, 2.05d and...
[SECURITY] new version of screen released
Package: screen Vulnerability: local exploit Debian-specific: no A format string bug was recently discovered in screen which can be used to gain elevated privileges if screen is setuid. Debian 2.1 slink did ship screen setuid and the exploit can be used to gain root privileges. In Debian 2.2 pota...
[SECURITY] New version of xlockmore/xlockmore-gl released
Package: xlockmore, xlockmore-gl Vulnerability type: local exploit Debian-specific: no There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 slink installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend...
Lots and lots of fun with rpc.statd
Last week was a little quiet, so I thought I'd throw some kindling on the fire. Here's another prime example of a format string bug: our old friend rpc.statd. Attached is an exploit. The offsets are for Linux/PowerPC, Debian 2.2. It isn't functional, though - and it's more than just kiddy-proofed...