5294 matches found
security flaw
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
Buffer overflow in fake ident
Off-by-one buffer overflow...
Apache mod_ssl off-by-one vulnerability
Product: mod_ssl - http://www.modssl.org/ Date: 06/24/2002 Summary: Off-by-one in mod_ssl 2.4.9 and earlier By: Frank Denis - [email protected] DESCRIPTION This...
CVE-2002-0083
CVE-2002-0083 is described in the initial document as an off-by-one error in the OpenSSH channel code affecting OpenSSH 2.0–3.0.2 that can allow privilege escalation. The connected F5 advisory (K1648) references CAN-2002-0083 and labels it as an OpenSSH array overflow vulnerability, but does not ...
[DER ADV#8] - Local off by one in CVSD
Local off by one overflow in CVSD. intro: the family of scanf functions scanf, sscanf, fscanf are generally insecure in usage and steps have been taken to make them more...secure you might say like adding bounds checking sscanfhey, ".4096s d", buffer, int but the function still remains quite...
PT-2002-1032 · Sudo · Sudo
Name of the Vulnerable Software and Affected Versions: sudo versions prior to 1.6.6 Description: The issue is caused by an off-by-one error that can result in a heap-based buffer overflow. This may allow local users to gain root privileges via special characters in the -p prompt argument, which a...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS). Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Remediation There is no fixed version for openssh. References - Debian.org...
[PINE-CERT-20020301] OpenSSH off-by-one
Pine Internet Security Advisory. Advisory ID: PINE-CERT-20020301. Authors: Joost Pol...
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One
source: https://www.securityfocus.com/bid/4241/info OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems. A...
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One source: https://www.securityfocus.com/bid/4241/info OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris,...
FreeBSD-SA-02:13.openssh
FreeBSD-SA-02:13 Security Advisory FreeBSD, Inc. Topic: OpenSSH contains exploitable off-by-one bug Category: core, ports Module: openssh, portsopenssh, openssh-portable Announced:...
Off-by-one overflow discovered in thttpd!!1
GOBBLES SECURITY RESEARCH TEAM INCORPORATED ALERT! ALERT! OFF-BY-ONE OVERFLOW IN THTTPD! ALERT! ALERT! include...
Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)
Summary - New Tektronix Xerox printers have covered up a security through obscurity flaw discovered in November, 1999 with more security through obscurity. The unauthenticated and unfiltered administrator configuration page on the PhaserLink webserver is now located at the URL...
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface
source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach the printer's admin interface,...
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewal...
CVE-2001-1391
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory...
BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow
Overview There is an off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...
Slackware Linux /usr/bin/ppp-off Insecure /tmp Call Exploit
Exploit for linux platform in category dos / poc Slackware Linux /usr/bin/ppp-off Insecure /tmp Call Exploit #!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the...
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call
#!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file (ie: /etc/issue), thus when root runs the ppp-off script, the output of 'ps x' woul...
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call #!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file (ie: /etc/issue), thus when root...