5512 matches found
Проблемы с tcp_wrappers в FreeBSD (protection bypass)
Режим PARANOID hostname chacking не работает так, как заявлено...
FreeBSD-SA-01:56.tcp_wrappers
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:56 Security Advisory FreeBSD, Inc. Topic: tcpwrappers PARANOID hostname checking does not work Category: core Module: tcpwrappers Announced: 2001-08-23 Credits: Tony Finc...
CVE-2001-0050
CVE-2001-0050 correlates to two bugs in the BitchX IRC client reported in MDKSA-2000:079. A stack overflow can occur when processing a malformed DNS answer, potentially enabling remote denial of service or arbitrary code execution, and a second bug allows embedding a malformed DNS record in a val...
CVE-2001-0050
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name...
CVE-2001-0207
Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function...
Дырка в xinetd (hostname filtering)
Если в xinetd используется проверка пи имени хоста и обратное имя не разрешается, то компьютер получает доступ...
Vulnerability in xinetd (Found)
Here is what I found. At the time of the pseudo-intrusion, there was effectively a host name in the filter and the current version is 2.1.88p1. xinetd Connection Filtering Via Hostname Vulnerability RELEASED: June 04, 2000 AFFECTS: xinetd 2.1.87, 88, 89 almost all versions REFERENCE:...
CVE-2001-0050
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name...
WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String
WU-FTPD 2.4.22.52.6 - Debug Mode Client Hostname Format String source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode,...
WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String
source: https://www.securityfocus.com/bid/2296/info Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain perhaps 'extreme' circumstances. When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An...
traceroute-4.4BSD (slack) heap overflow
Hi, A while ago I was studying the source code for this traceroute... I found this in the inetname function: ... static char line50; ... if cp void strcpyline, cp; else ... The cp variable holds at that point the hostname for the current host it's tracing. If the hostname is something like a litt...
WU-FTPD 2.6.0 - Remote Format Strings
/ 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible for delivering it to the intended...
sysback makes call to hostname without a fully qualified path specification
Overview sysback , shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname. Description sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders...
CVE-2000-1222
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program...
CVE-2000-1066
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname...
CVE-2000-1066
The CVE-2000-1066 entry affects the getnameinfo function in FreeBSD 4.1.1 and earlier (and possibly other operating systems). The vulnerability allows a remote attacker to cause a denial of service by supplying a long DNS hostname. The available documents confirm this DoS impact but do not provid...
Security Advisory: FreeBSD-SA-00:63.getnameinfo
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:63 Security Advisory FreeBSD, Inc. Topic: getnameinfo function allows remote denial of service Category: core Module: libc Announced: 2000-11-01 Credits: Pavel Kankovsky...
FreeBSD-SA-00:63.getnameinfo
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:63 Security Advisory FreeBSD, Inc. Topic: getnameinfo function allows remote denial of service Category: core Module: libc Announced: 2000-11-01 Credits: Pavel Kankovsky...
Переполнение буфера в NIS (hostname lookup)
При ответе сервера не проверяется длина адреса, что позволяет переполнить статический буфер...
Security Advisory 2000-012
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-012 ================================= Topic: buffer overflow in NIS hostname lookup code Version: 1.4.x: All versions prior to 1.4.3 fix will be in 1.4.3 1.5ALPHA: prior to June 30, 2000 fix will be in 1.5 current: prior to June 30,...