OpenBSD 2.x - 'fstat' Format String

// source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. A user definable environment variabl...

Format string input validation error in wu-ftpd site_exec() function

Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...

LPRng use_syslog() Remote Format String Arbitrary Command Execution

LPRng seems to be running on this port. Versions of LPRng prior to 3.6.24 are missing format string arguments in at least two calls to 'syslog' that handle user-supplied input. Using specially crafted input with format strings, an unauthenticated, remote attacker may be able to leverage these...

Дырка в catopen (libc)

В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...

Unixware SCOhelp http server format string vulnerability

CORE SDI Inc. http://www.core-sdi.com Unixware SCOhelp http server format string vulnerability Date Published: 09/27/00 Advisory ID: CORE-092700 Bugtraq ID: 1717 CVE CAN: None currently assigned. Title: Unixware SCOhelp http server format string vulnerability Class: Input validation error Remotel...

Unixware 7.0 - SCOhelp HTTP Server Format String

Unixware 7.0 - SCOhelp HTTP Server Format String source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided fo...

Format strings: bug #2: LPRng

Hi, SUMMARY ------- LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details ------- Here is a code excerpt from:...

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (2)

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite 2 // source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a...

Дырки в LPR-утилитах BSD

Ошибка форматной строки...

Дырка в klogd

Ошибка форматной строки позволяет получить привилегии root...

CVE-2000-0701

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges...

Дырка в kvt

Ошибка форматной строки при разборе имени дисплея...

Дырка в agetty

Ошибка форматной строки в режиме отладки при разборе аргументов...

format string bug in muh

Hi, muh is an IRC bouncer, a program that will allow you to use any host you have a shell on as a relay between you and IRC. Moreover, muh stays connected when you are not, and can log any message you receive. The muh official homepage is : http://mind.riot.org/muh/. The latest version, 2.05d and...

Solaris 2.6/7.0 'eject' locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

Solaris 2.67.0 eject locale - Subsystem Format String

Solaris 2.67.0 eject locale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...

RedHat 6 GLIBClocale - Subsystem Format String

RedHat 6 GLIBClocale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems...

Screen-3.7.6 local compromise

Hi ppl, as mentioned in other postings the screen package is vulnerbale to the classic format string attack. I attached a simple exploit and as far as I could investigate on Suse 6.1 with screen 3.7.6: the vulnerable function is Msgint err, char fmt, ... which is invoked with the value of the...

RedHat 6 GLIBC/locale - Subsystem Format String

/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to t...

Juergen Weigert screen 3.9 - User Supplied Format String

// source: https://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the variable which stores the user i...