CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service crash via a SIGCHLD signal during a malloc or free call, which is not re-entrant...

CVE-2004-1234

loadelfbinary in Linux before 2.4.26 allows local users to cause a denial of service system crash via an ELF binary in which the interpreter is NULL...

DEBIAN-CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service crash via a SIGCHLD signal during a malloc or free call, which is not re-entrant...

security flaw

The loadelfbinary function in the binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernelread function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...

CVE-2004-0317

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service segmentation fault and possibly execute arbitrary code via a long LSFFromPC parameter...

CVE-2004-0596

The Equalizer Load-balancer for serial network interfaces eql.c in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference...

CVE-2004-0596

The vulnerability CVE-2004-0596 affects the Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7. The root cause is a null dereference triggered when a non-existent device name is used, leading to local denial of service. Affected component: eql.c within...

CVE-2004-0596

The Equalizer Load-balancer for serial network interfaces eql.c in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference...

APSIS Pound Load Balancer Format String Overflow

The remote server is vulnerable to a remote format string bug which can allow remote attackers to gain access to confidential data. Pound versions less than 1.6 are vulnerable to this issue. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12007; scriptversion "1.14";...

Web Server Load Balancer Detection

The remote web server seems to be running in conjunction with several others behind a load balancer. Knowing that there are multiple systems behind a service could be useful to an attacker as the underlying hosts may be running different operating systems, patchlevels, etc. C Tenable Network...

CVE-2004-0317

CVE-2004-0317 affects Load Sharing Facility (LSF) versions 4.x, 5.x, and 6.x. The vulnerability is a buffer overflow in the eauth component triggered by a long LSF_From_PC parameter, allowing local users or attackers within an LSF cluster to cause a denial of service (segmentation fault) and pote...

CVE-2004-0318

CVE-2004-0318 affects Load Sharing Facility (LSF) versions 4.x, 5.x, and 6.x. The vulnerability arises because LSF_EAUTH_UID may be used in place of the real user UID, enabling remote attackers within the local cluster to gain privileges. The underlying issue is the handling of an environment var...

CVE-2004-0317

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service segmentation fault and possibly execute arbitrary code via a long LSFFromPC parameter...

CVE-2004-0318

Load Sharing Facility LSF 4.x, 5.x, and 6.x uses the LSFEAUTHUID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges...

Load Sharing Facility multiple bugs

Code execution, DoS...

Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution

Lam3rZ Security Advisory 1/2004 23 Feb 2004 Remote within a cluster root in LSF Name: Load Sharing Facility versions 4.x, 5.x, 6.x Severity: High Vendor URL: http://www.platform.com Author: Tomasz Grabowski [email protected] Vendor notified: 26 Oct 2003 Vendor confirmed: 27 Oct 2003 Vendor...

PT-2003-1903 · Ibm · Ibm Db2 Universal Database

Name of the Vulnerable Software and Affected Versions: IBM DB2 Universal Data Base versions 7.2 before Fixpak 10 and 10a IBM DB2 Universal Data Base versions 8.1 before Fixpak 2 Description: A stack-based buffer overflow issue allows attackers with Connect privileges to execute arbitrary code via...

ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pentest Limited Security Advisory IBM DB2 LOAD Command Stack Overflow Vulnerability Advisory Details - ---------------- Title: IBM DB2 LOAD Command Stack Overflow Vulnerability Announcement date: 1st October 2003 Advisory Reference: ptl-2003-01 CVE...

Cisco CSS 11000 Series DoS

ID: S21SEC-025-en Title: Cisco CSS 11000 Series DoS Date: 04/07/2003 Status: Solution available Scope: Interruption of service, high CPU load. Platforms: All/Chassis CS800. Author: ecruz, egarcia, jandre Location: http://www.s21sec.com/en/avisos/s21sec-025-en.txt Release: External S 2 1 S E C...

CVE-2003-0337

The CVE describes a local code execution in Load Sharing Facility (LSF) 5.1 via the ckconfig command in lsadmin. By manipulating environment variables LSF_ENVDIR to reference an alternate lsf.conf and LSF_SERVERDIR to point to a malicious lim program, a local attacker can cause lsadmin to execute...