socat: Format string vulnerability

Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...

socat -- format string vulnerability

Socat Security Advisory 1 states: socat up to version 1.4.0.2 contains a syslog based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some...

Debian DSA-175-1 : syslog-ng - buffer overflow

Balazs Scheidler discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An...

SUS (extended su) format string bug

Format string bug on syslog call...

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

CVE-2002-1200

Balabit Syslog-NG is affected by CVE-2002-1200. Affected lines are syslog-ng 1.4.x before 1.4.15 and 1.5.x before 1.5.20. The issue arises from improper buffer size tracking during macro expansion when constant characters are appended to template filenames or output, leading to out-of-bounds writ...

Lynx < 2.8.5 dev 6 Syslog URI Format String

Binary data 1737.prm...

Cfengine CAUTH Command Remote Format String

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable...

SUSE-SA:2002:039: syslog-ng

The remote host is missing the patch for the advisory SUSE-SA:2002:039 syslog-ng. The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote...

SSLTelnet format string bug

Format string on syslog in ssltenetd SSLsetverify...

CVE-2004-0448

Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages...

CVE-2004-0623

Removed by vendor...

CVE-2004-0393

Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...

CVE-2004-0623

GNU GNATS 4.00 is affected by a format string vulnerability in misc.c that can allow a remote attacker to execute arbitrary code via format specifiers in a string logged by syslog. The CVE-2004-0623 entry notes a high severity (base score 10.0, CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C) with remote, unau...

CVE-2004-0451

CVE-2004-0451 describes multiple format-string vulnerabilities in the Software Upgrade Protocol (SUP) affecting the internal logging functions logquit, logerr, and loginfo. The underlying issue allows a remote attacker to cause arbitrary code execution via format specifiers contained in syslog me...

CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

CVE-2004-0451

Multiple format string vulnerabilities in the 1 logquit, 2 logerr, or 3 loginfo functions in Software Upgrade Protocol SUP allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog...

CVE-2004-0393

Format string vulnerability in the msg function for rlpr daemon rlprd 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function...