9096 matches found
Kmail heap overflow
Hi. When a letter sent to a kmail user has an attachment with a filename about 250 bytes long, kmail 1.0.28 segfaults. EIP does NOT get overwritten, only EAX. Dear gurus, is it exploitable? : Byez -- Lez [email protected] http://w3.swi.hu/lezli...
gnapster dos(?)
Hello, Can anyone else verify this :- Gnapster Version : 1.3.9 & 1.3.10 Host: FreeBSD 4.0-Release, x86 first we do gdb run Starting program: /usr/local/bin/gnapster meanwhile .... yes "GET AAAAAAAAA...MANY As....." | nc localgnapsterlisteningport result.... Program received signal SIGSEGV,...
imapd4r1 v12.264
Newest RH: OK nimue IMAP4rev1 v12.264 server ready 1 login lcamtuf test 1 OK LOGIN completed 1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...yes, a lot of 'A's ; Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? sigh Privileges seem to be dropped, but, anyway, it's a nice way to get...
tcpdump.3.4.dos.txt
Date: Wed, 1 Jan 1986 16:30:10 +0100 From: badi To: [email protected] Subject: tcpdump 3.4 bug? / tcpdump bug 3.4a? by BLADI [email protected]; On receiving an ip packet with Protocol-4 and ihl=0, tcpdump enters an infinite loop within the procedure ipprint from file printip.c This happens...
SDI.03-99.iss-scanner.txt
Sekure SDI http://www.sekure.org --------------------------- Brazilian Information Security Team - Internet Scanner Buffer Overflow - SDI.03-99.iss-scanner --- complexity : medium critical level : medium --- 1. Introduction Internet Scanner I.S is a widely known tool to audit the security level of ...
ftpd.locate.findutils.txt
Date: Fri, 30 Apr 1999 11:07:20 +0300 From: Sergey V. Kolychev To: [email protected] Subject: Buffer overflow in ftpd and locate bug Hi. I had a problem with locate from findutils-4.1.24.rpm from Redhat-5.1. It segfaults if we have a huge directory at incoming ftp which was created by exploits for ftpd...
sun.5.6.lpset.txt
Date: Tue, 11 May 1999 11:43:46 +0900 From: kim yong-jun homepage=ce.hannam.ac.kr/s96192 To: [email protected] Subject: SunOS 5.6 X86 lpset vulnerability This is my second post to BugTraq. If this is old, I'm sorry. It's a buffer overflow in "/usr/bin/lpset". View this command : loveyou@/ %...
CGIc-DoS.txt
CGIc Library is vulnerable to a buffer overflow attack CGIc, an ANSI C-language library for creating CGI based World Wide Web applications, is vulnerable to a buffer overflow which may be used by a malicious user to gain root access. Thomas Boutell's CGIc library version 1.05 can be attacked usin...
lynx-2.8.x-BOF.txt
Date: Sun, 6 Sep 1998 00:53:24 +0200 From: Michal Zalewski To: [email protected] Subject: Sendmail, lynx, Netscape, sshd, Linux kernel twice Bugs in lynx 2.8.x including latest development versions: ----------------------------------------------------------- Trivial overflows in protocol...
irc.services.DoS.txt
Date: Thu, 22 Apr 1999 22:53:42 EDT From: Andy Church To: [email protected] Subject: Bug in Services for IRC Networks 4.2.2 A bug has been found in versions through 4.2.2 of Services for IRC Networks which allows any IRC user to crash the program. The channel service's SET SUCCESSOR command do...
solaris.write.bof.txt
Date: Mon, 8 Mar 1999 15:30:36 +0900 From: [email protected] To: [email protected] Subject: Solaris "/usr/bin/write" bug This is my first post to BugTraq. If this is old, I'm sorry. When playing around with "/usr/bin/write" on Solaris 2.6 x86, I found something interesting. It's buffer overfl...
espernet-irc.txt
Date: Fri, 24 Jul 1998 19:05:35 -0500 From: McClain Looney Subject: espernet irc services I didn't think anyone cared about irc, but seeing the mIRC posts on this list, here goes: Espernet irc services below version 3.3.5 are vulnerable to a bug in the add/remove code for chanserv which causes a...
tcsh.6.07.bof.txt
Date: Mon, 17 May 1999 09:53:19 +0200 From: arkth To: [email protected] Subject: tcsh overflow While a few days ago there was discussion about bash overflow on bugtraq, I found another overflow in tcsh-6.07.09-1 rh 5.2 . The problem is in too long $HOME environment variable very old thing - zgv...
tcpdump 3.4 - Protocol Four Zero Header Length
tcpdump 3.4 - Protocol Four Zero Header Length // source: https://www.securityfocus.com/bid/313/info A vulnerability in tcpdump causes it to enter an infinite loop within the procedure ipprint from the file printip.c when it receives a packet with IP protocol number four and a zero header length...
tcpdump 3.4 - Protocol Four / Zero Header Length
// source: https://www.securityfocus.com/bid/313/info A vulnerability in tcpdump causes it to enter an infinite loop within the procedure ipprint from the file printip.c when it receives a packet with IP protocol number four and a zero header length and it tries to print it. This may allow remote...
CVE-1999-1448
Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation...