434 matches found
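Samba Server VFS Plugin afsacl.so Remote Format String Vulnerability
Samba is a suite of programs that implements the SMB (Server Messages Block) protocol and provides cross-platform file and print sharing services. The afsacl.so library, a Samba VFS plugin, has a format string vulnerability in its handling of file names; an attacker could exploit this vulnerability by inducing a user to process a malicious VFS partition to take control of the server. When calling snprintf, Samba uses the name of a file stored on disk as the format string; if a share that the user can write to uses Samba's afsacl.so library to set Windows NT access control lists on files in an AFS file system, format string specifiers in a file name could lead to arbitrary code execution. This vulnerability only affects those sharing an AFS file system with CIFS and explicitly requiring in smb.conf the loading of afsacl.s...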
Format string bug in afsacl.so VFS plugin.
Description NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the format string in...
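Novell eDirectory/iMonitor HTTPSTK Stack Buffer Overflow Vulnerability
Novell eDirectory is a cross-platform directory server. Novell eDirectory has an input validation vulnerability when it constructs a response to a user request; a remote attacker could exploit this vulnerability to execute arbitrary commands on the server. Novell's HTTP protocol stack (httpstk) does not check the value of the HTTP Host request header supplied by the client (e.g. Host: www.host.com). The vulnerability can be triggered when the server calls snprintf while preparing an HTTP redirect response, leading to arbitrary command execution with the privileges of the process that loaded the httpstk library. The C++ pseudocode is as follows: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...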
CVE-2002-1721
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf to overwrite the FFGETFILE variable with a null byte...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute...
CVE-1999-1330
The CVE-1999-1330 issue affects the db library’s snprintf usage in version 1.85.4, where the size parameter is ignored and could permit buffer overflows that proper snprintf implementation would prevent. This describes a potential local memory corruption risk. Exploitation details or concrete rem...
CVE-2001-0850
The CVE-2001-0850 entry concerns a configuration error in the libdb1 package of OpenLinux 3.1. The vulnerability arises from insecure versions of snprintf and vsnprintf used by libdb1, which could allow local or remote users to trigger a buffer overflow. Affected software: OpenLinux 3.1 (libdb1)....
CVE-2001-0850
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow...
pkc002.txt
-= SECURITY ADVISORY 002 =- www.pkcrew.org Application: Tinyproxy version 1.3.2 and 1.3.3 Type: heap buffer overflow --- The Problem --- Function httperr in utils.c : int httperrstruct conns connptr, int err, cha...
ProFTPd 1.2 pre6 - snprintf Remote Root
ProFTPd 1.2 pre6 - snprintf Remote Root source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed (argv[0]) to display the comman...
ProFTPd 1.2 pre6 - 'snprintf' Remote Root
source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed (argv[0]) to display the command being executed by the logged on user. ...
slackdb.txt
Date: Thu, 16 Jul 1998 09:22:40 +0200 From: Martin Bene Subject: Berkeley DB problem in slackware distribution Hi! I recently ran into a potential problem with Berkeley DB 1.85 as distributed with all versions of Slackware Linux (fixed in Slackware 3.5 as of 07.14.98): libdb.so.1.85.4 defines snprint...