DSA-1605-1 glibc - DNS cache poisoning

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. At this time, it is not possible to implement the recommended...

MySQL udf_init function 信息泄露

MySQL 4.0.23 及之前版本与 4.1.10 及之前的版本存在一个信息泄露的弱点. 这个弱点的问题存在 sqludf.cc 中 udfinit function 在检查资料夹区分时缺乏适当的验证, 导致讯息 漏的弱点. 当本地端攻击者是拥有 INSERT 和 DELETE 的权限时, 可以利用 CREATE FUNCTION 来呼叫 libc 程式库, 进而执行任意的程式码. MySQL 4.0.23 及之前版本与 4.1.10 及之前的版本 参考 MySQL 4.0 与 4.1 Downloads, 升级到 4.0.24 或 4.1 .10a 或 最新的 MySql 版本...

migcms-rfi.txt

┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...

GLSA-200806-05 : cbrPager: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200806-05 cbrPager: User-assisted execution of arbitrary code Mamoru Tasaka discovered that filenames of the image archives are not properly sanitized before being passed to decompression utilities like unrar and unzip, which use...

libbind off-by-one buffer overflow

Off-by-one error in the inetnetwork function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via crafted input that triggers memory corruption...

Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities

On Mar 27, 2:09pm, [email protected] [email protected] wrote: -- Subject: securityreason BSD libc strfmon Multiple vulnerabilities ... stuff deleted ... | Problem exist also in printf function. | | Example code will show Integer Overflow . | | - ---example-start-- | include stdio.h | ...

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

Integer overflow

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

CVE-2008-1391

CVE-2008-1391 is an integer overflow in the GNU C Library (glibc) strfmon width specifier handling that may be triggered by an attacker who can control the format string passed to strfmon (and related to printf in some contexts). The connected Nessus/OpenVAS entries indicate this vulnerability wa...

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to 1 the strfmon function in...

[securityreason] *BSD libc (strfmon) Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BSD libc strfmon Multiple vulnerabilities Author: Maksymilian Arciemowicz cxib SecurityReason.com Date: - - Written: 10.03.2008 - - Public: 25.03.2008 SecurityReason Research SecurityAlert Id: 53 CVE: CVE-2008-1391 SecurityRisk: High Affected Software...

CVE-2008-0988

This CVE affects Apple Mac OS X 10.4.11 where Libsystem’s strnstr(3) has an off-by-one in its implementation, allowing a context-dependent attacker to trigger a buffer over-read, potentially causing a crash. The connected sources confirm the vulnerability detail and the affected platform, but do ...

inet_network() off-by-one buffer overflow

Overview The inetnetwork resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inetnetwork function takes a character string representation for an internet address and returns...

Debian Security Advisory DSA 039-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 039-1. OpenVAS Vulnerability Test $Id: deb0391.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 039-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 707-1 (mysql)

The remote host is missing an update to mysql announced via advisory DSA 707-1. OpenVAS Vulnerability Test $Id: deb7071.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 707-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 282-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 282-1. OpenVAS Vulnerability Test $Id: deb2821.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 282-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 039-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 039-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...