NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflows

// source: https://www.securityfocus.com/bid/48528/info NetBSD is prone to a stack-based buffer-overflow vulnerability affecting multiple functions in the 'libc/net' library. Successful exploits may allow an attacker to execute arbitrary code in the context of the application using the affected...

CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOBAPPEND and GLOBDOOFFS flags, a different issue than CVE-2011-0418...

DEBIAN-CVE-2011-0418

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service memory consumption via a crafted FTP STAT command...

Integer overflow

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOBAPPEND and GLOBDOOFFS flags, a different issue than CVE-2011-0418...

CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOBAPPEND and GLOBDOOFFS flags, a different issue than CVE-2011-0418...

CVE-2011-2168

CVE-2011-2168 affects the glob implementation in OpenBSD’s libc prior to 4.9. It involves multiple integer overflows in the glob code, related to GLOB_APPEND and GLOB_DOOFFS flags, which could let context-dependent attackers trigger an unspecified impact via a crafted string. The provided documen...

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

0day Exploit Released : Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable !

0day Exploit Released : Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable ! Topic : Multiple Vendors libc/glob3 resource exhaustion +0day remote ftpd-anon CVE : CVE-2010-2632 CWE : CWE-NOMAPPING SecurityRisk : Medium About Remote Exploit : Yes Local Exploit : Yes Victim interacti...

Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion

Multiple Vendors libc/glob3 GLOBBRACE|GLOBLIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software verified: - NetBSD 5.1 - and more Original UR...

Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob GLOBBRACE|GLOBLIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...

glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library aka glibc or libc6, including glibc-2.5-49.el55.6 and glibc-2.12-1.7.el60.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object DSO...

CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as...

CVE-2010-4754

The CVE-2010-4754 entry covers a DoS in the glob() implementation of libc (and related glob in libsystem on macOS) caused by crafted glob expressions that do not match any pathnames. The message notes remote authenticated users can trigger CPU/memory consumption via such expressions, demonstrated...

CVE-2010-4415

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc...

Design/Logic Flaw

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc...

CVE-2010-4415

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc...

GNU libc/regcomp(3) Multiple Vulnerabilities

Exploit for linux platform in category dos / poc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE: CVE-2010-4051...

GNU libc/regcomp(3) - Multiple Vulnerabilities

// source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE:...

GNU libc/regcomp(3) Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE: CVE-2010-4051 CVE-2010-4052 Affected tested: - - Ubuntu 10.10 - ...

GNU libcregcomp(3) - Multiple Vulnerabilities

GNU libcregcomp3 - Multiple Vulnerabilities // source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - -...