SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

passlogd buffer overflow

Buffer overflow on syslog packets processing...

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...

CVE-2002-0916

This CVE (CVE-2002-0916) affects Squid 2.4.STABLE6 and earlier, in the Stellar-X msntauth authentication module. The issue is a format string vulnerability in the allowuser code that handles the user name, where untrusted input is used in a syslog call, enabling remote code execution. Documents c...

CVE-2002-0851

The CVE-2002-0851 issue affects the ISDN4Linux (i4l) package, specifically the PPP daemon ipppd. A format string vulnerability in the device name command line argument is not properly sanitized in a syslog call, allowing a local user to exploit the flaw and gain root privileges. The connected doc...

CVE-2002-0851

Format string vulnerability in ISDN Point to Point Protocol PPP daemon ipppd in the ISDN4Linux i4l package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog...

CVE-2002-0412

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via 1 an HTTP GET request, 2 a user name in HTTP authentication, or 3 a password in HTTP...

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape...

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence

source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape sequences are not properly filtered out. This may result in...

plpnfsd format string bug

Format string bug on syslog call...

Tanne formatstring bug

syslog format string bug...

TANne 0.6.17 - Session Manager SysLog Format String

TANne 0.6.17 - Session Manager SysLog Format String // source: https://www.securityfocus.com/bid/6553/info TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. Due to programming error, it may be possible to exploit a format...

CVE-2002-1789

Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function...

zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A)

NGSSoftware Insight Security Research Advisory Name: zkfingerd Format String vulnerability Systems: zkfingerd version 0.9.1 and earlier Severity: High Risk Vendor URL: http://sourceforge.net/projects/zkfingerd Author: David Litchfield [email protected] Advisory URL:...

[ESA-20021029-028] syslog-ng: buffer overflow in macro handling code (UPDATED)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory October 29, 2002 | | http://www.engardelinux.org/ ESA-20021029-028 | | | | Package: syslog-ng | | Summary: buffer overflow in macro...

syslog-ng buffer overflow

Buffer overflow in parsing $HOST variable in configuration file...

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

DEBIAN-CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...

[SECURITY] [DSA 175-1] New syslog-ng packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 175-1 [email protected] http://www.debian.org/security/ Martin Schulze October 15th, 2002 http://www.debian.org/security/faq -...