270 matches found
NT drivers are potentially vulnerable to format string bug
Many NT drivers are potentially vulnerable to "format string bug". The problem is concerned with DbgPrint function that is used for debug messages. Some drivers instead of directly call of this function use additional intermediate functions. Those functions add a prefix to an outputted string,...
Format string bug in startinnfeed
Description -------------- The 'startinnfeed' binary contains various format string bugs. Most of the command line options passes user given arguments to 'syslog' as format string. For example: paul@ps:/usr/home/paul /usr/lib/news/bin/startinnfeed -a "xxnnnnnnn" segmentation fault...
[SECURITY] [DSA-016-1] New version of wu-ftpd released
---------------------------------------------------------------------------- Debian Security Advisory DSA-016-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : wu-ftpd...
[SECURITY] New version of Debian php4 packages released (updated)
Package: php4 Vulnerability: possible remote exploit Debian-specific: no Vulnerable: yes Updated version: corrected URLs In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the...
[RHSA-2000:066-03] lpr has a format string security bug, LPRng compat issues, and a race cond.
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: lpr has a format string security bug, LPRng compat issues, and a race cond. Advisory ID: RHSA-2000:066-03 Issue date: 2000-09-25 Updated on: 2000-10-04 Product: Red Hat Linux Keywords:...
Format strings: bug #2: LPRng
Hi, SUMMARY ------- LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details ------- Here is a code excerpt from:...
format string bug in muh
Hi, muh is an IRC bouncer, a program that will allow you to use any host you have a shell on as a relay between you and IRC. Moreover, muh stays connected when you are not, and can log any message you receive. The muh official homepage is : http://mind.riot.org/muh/. The latest version, 2.05d and...
[SECURITY] new version of screen released
Package: screen Vulnerability: local exploit Debian-specific: no A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. Debian 2.1 slink did ship screen setuid and the exploit can be used to gain root privilages. In Debian 2.2 pota...
[SECURITY] New version of xlockmore/xlockmore-gl released
Package: xlockmore, xlockmore-gl Vulnerability type: local exploit Debian-specific: no There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 slink installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend...
Lots and lots of fun with rpc.statd
Last week was a little quiet, so I thought I'd throw some kindling on the fire. Here's another prime example of a format string bug: our old friend rpc.statd. Attached is an exploit. The offsets are for Linux/PowerPC, Debian 2.2. It isn't functional, though - and it's more than just kiddy-proofed...