211 matches found
ASCPU 0.60 Kernel - Memory File Descriptor Leakage
source: https://www.securityfocus.com/bid/5716/info It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/km...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may ...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "%3F+.htr"
Overview A vulnerability exists in Microsoft Information Server IIS in which a crafted HTTP GET request may return the contents of a file on the affected server. A possible target of such a request might be a script that should only be executable not readable by unauthenticated remote users. The...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
OpenServer 5.0.5/5.0.6 / HP-UX 10/11 / Solaris 2.6/7.0/8 - rpc.yppasswdd Buffer Overrun
source: https://www.securityfocus.com/bid/2763/info The rpc.yppasswdd server is used to handle password change requests from yppasswd and modify the NIS password file. A buffer overrun vulnerability has been discovered in the rpc.yppasswdd utility distributed by multiple vendors. The problem occu...
Sudo 1.51.6 - Heap Corruption
Sudo 1.51.6 - Heap Corruption // source: https://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun conditio...
LBL Traceroute 1.4 a5 - Heap Corruption (1)
// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL tracerou...
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow (2)
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm 2.5 PL3 exploit Tested Under Linux Slackware 3.6, 4.0, 7.0 By xfer [email protected] ...
xfs security issues (fwd)
Hi, I notice xfs the X font server recently hit the news. It seems I never sent the below message on to Bugtraq at least a search doesn't show up much. I'm guessing it's still relevant. This message illustrates that the xfs problem recently mentioned by Michal is but one of many minor...
FreeBSD-SA-00:02.procfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:01 Security Advisory FreeBSD, Inc. Topic: Old procfs hole incompletely filled Category: core Module: make Announced: 2000-01-24 Affects: All versions before the correctio...
linux2.2.1-proc-smp-race-sniffer.txt
Date: Tue, 2 Feb 1999 17:39:13 +0100 From: Andrea Arcangeli To: [email protected] Subject: patch /proc race fixes for 2.2.1 fwd This is a short analysis I've done yesterday about the array.c /proc/pid/... races of Linux-2.2.0 and Linux-2.2.1. These races was leading to very easily reproducible...