Серьезная дырка воо всех утилитах семейства chpass

Утилиты chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd содержат уязвимость форматной строки...

rpc.statd vulnerable to remote root compromise via format string stack overwrite

Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...

hl-advisory.asc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TAMANDUA SEKURE LABS http://tamandua.sekure.org Sao Paulo / Porto Alegre - Brazil Issue: Multiples vulnerabilities in Half-life Dedicated Server for Linux Advisory : sekure-2000-01 Version: 3.1.3.x Patch Availability: Soon Severity: High - Remote acce...

Solsoft NSM Format Strings RCE

The Solsoft NSM application running on the remote host is affected by multiple flaws in ulm logging related to format string processing. An unauthenticated, remote attacker can exploit these to execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if description...

Дырка в FWTK (x-gw format bug)

Ошибка форматной строки может привести к выполнению кода...

Security Advisory 2000-015

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-015 ================================= Topic: format-string bugs in passwd/libutil Version: all releases up to and including 1.4.2 Severity: local root compromise possible Fixed: 2000/10/03 in -current and netbsd-1-5 branches...

Дырка в libutil (passwd format-string bugs)

Ошибка форматной строки в функции pwerror...

Tamandua Sekure Labs Security Advisory 2000-01

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TAMANDUA SEKURE LABS http://tamandua.sekure.org Sao Paulo / Porto Alegre - Brazil Issue: Multiple vulnerabilities in Half-life Dedicated Server for Linux Advisory : sekure-2000-01 Version: 3.1.3.x Patch Availability: Soon Severity: High - Remote acces...

David Bagley xlock 4.16 - User Supplied Format String (2)

// source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a number of popular operating systems...

CVE-2000-0763

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option...

CVE-2000-0733

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPTENVIRON request...

CVE-2000-0741

Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension...

ntop 1.x - i Local Format String

source: https://www.securityfocus.com/bid/1840/info ntop network top is a unix program used for displaying network usage statistics. It is often installed setuid root because it uses privileged ports. ntop is vulnerable to a format string vulnerability that can compromise root access locally. If...

ntop 1.x - i Local Format String

ntop 1.x - i Local Format String source: https://www.securityfocus.com/bid/1840/info ntop network top is a unix program used for displaying network usage statistics. It is often installed setuid root because it uses privileged ports. ntop is vulnerable to a format string vulnerability that can...

Дырки в TIS Firewall Toolkit

Многочисленные переполнения буфера и ошибки форматной строки...

[SECURITY] New version of Debian php4 packages released (updated)

Package: php4 Vulnerability: possible remote exploit Debian-specific: no Vulnerable: yes Updated version: corrected URLs In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the...

[SECURITY] New version of Debian php4 packages released

Package: php4 Vulnerability: possible remote exploit Debian-specific: no Vulnerable: yes In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server. This problem is fixe...

[SECURITY] New version of Debian php4 packages released

---------------------------------------------------------------------------- Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz October 14, 2000 - ---------------------------------------------------------------------------- Package: php4 Vulnerability:...

[SECURITY] New version of Debian php4 packages released (updated)

---------------------------------------------------------------------------- Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz October 14, 2000 - ---------------------------------------------------------------------------- Package: php4 Vulnerability:...

CVE-2000-0594

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters...