MIT Kerberos V5 KDC logging routines use unsafe format strings

Overview Early releases of the MIT Kerberos V5 KDC contain format string vulnerabilities that can be used by unauthenticated remote attackers to conduct denial of service attacks on KDC servers. Description Logging routines in some unspecified versions of the MIT Kerberos V5 Key Distribution Cent...

Format string vulnerability in KDE talkd

No description provided...

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String

Inso DynaWeb HTTPd 3.14.0.24.1 - Format String // source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to ...

Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta

SecureCRT http://www.vandyke.com/products/securecrt/ seems to have a bug in a seemlingly trivial portion of its SSH connection code. When an SSH Client connects to a server, the server sends a version string containing minor and major numbers for the protocol, as well as a server-specific...

CVE-2001-1203

Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges...

OpenServer crontab format string bug

Format string bug in command line arguments parsing...

iXsecurity.20020314.csadmin_fmt.a

iXsecurity Security Vulnerability Report No: iXsecurity.20020314.csadminfmt.a ======================================== Vulnerability Summary --------------------- Problem: Cisco Secure ACS webserver has a format string vulnerability. Threat: An attacker could send an "invalid" URL to the webserve...

CVE-2001-1034

Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for 1 faxrm or 2 faxalter...

KAV (AVP) for sendmail format string

Topic: Format string vulnerability in AVP for sendmail Author: 3APA3A Affected Software: KAV for sendmail 3.5.135.2 Vendor: Kaspersky Lab Vendor Notified: 30 May 2001 Risk: High/Average Remotely Exploitable: Yes Impact: DoS/Remote root compromise Released: 06 June 2001 Vendor URL:...

Потенциальная дырка в драйверах Windows NT/2000 (DbgPrint format string)

Во многих дрйверах ошибка форматной строки при вызови функции отладки...

[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities

Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...

Security Advisory: FreeBSD-SA-00:58.chpass

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:58 Security Advisory FreeBSD, Inc. Topic: chpass family contains local root vulnerability Category: core Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Announced:...

CVE-2000-0583

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives...

LPRng use_syslog() Remote Format String Arbitrary Command Execution

LPRng seems to be running on this port. Versions of LPRng prior to 3.6.24 are missing format string arguments in at least two calls to 'syslog' that handle user-supplied input. Using specially crafted input with format strings, an unauthenticated, remote attacker may be able to leverage these...

CVE-2000-0701

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges...

Blue Panda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12

================================================================= Blue Panda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12 05/09/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ ================================================================= Problem: WFTPD will crash if a...

Immunix OS 6.2 - LC glibc format string

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

Удаленный root в proftpd

Дырка похожая на аналогичную в WU, связана с использованием ввода пользователя в качестве форматной строки...

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (1)

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite 1 // source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a...

PT-2010-5656 · Linux +1 · Iscsitarget +1

Name of the Vulnerable Software and Affected Versions: iscsitarget versions prior to 1.4.19 iscsitarget versions 0.4.16 and earlier Linux SCSI target framework versions 1.0.3, 0.9.5, and earlier Description: The issue involves multiple vulnerabilities in the iscsitarget package that can lead to a...