Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS)

Hello methodic, While testing a buffer overflow in you patch tpbuf is only 210 bytes, but you're lucky - getreqsi is only 100 bytes long : I've found classical exploitable syslog format string in this extremely secure product. Patch? - if priority=LOGLEVEL syslogtplev,buf; + if priority=LOGLEVEL...

Lynx format string vulnerability in URL logging.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The vendor has been notified, but since this is a low risk I am releasing early. Vapid Labs Larry W. Cashdollar Bug Report Summary: lynx has a format string vulnerability in LYUtils.c line 7995 due to a bad call to syslog, where the format argument is...

Stunnel format string bugs

Format string bug on syslog call...

Ошибка форматной строки в lynx при работе с логами (format string)

Ошибка форматной строки при работе с syslog если lynx собран с опцией --enable-syslog...

Ошибка форматной строки в perdition (format string)

Ошибка форматной строки при обращении к syslog...

Форматная строка в and - auto nice daemon (format string)

Ошибка форматной строки при вызове syslog...

Ошибка форматной строки в Cyrus-sasl (format string)

Ошибка форматной строки при обращении к syslog,...

CVE-2001-0609

Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function...

PT-2001-1807 · Infodrom · Cfingerd

Name of the Vulnerable Software and Affected Versions: Infodrom cfingerd versions 1.4.3 and earlier Description: A format string issue allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. This can be exploited by sending a...

Ошибка форматной строки в KAV (AVP) для sendmail (format string)

Ошибка в avpkeeper при работе с syslog...

CVE-2000-1165

Balabit syslog-ng is affected by CVE-2000-1165 due to a parsing error in messages that lack a closing > in the priority specifier, allowing remote attackers to cause an application crash (DoS). The available records identify the affected software as Balabit syslog-ng and describe the issue as ...

HylaFAX vulnerability

Hi, I've found classical format bug while I was playing with HylaFAX server v4.1 beta2: $ -u /usr/sbin/hfaxd && /usr/sbin/hfaxd -q 'nn' SUID uucp Segmentation fault It crashes while calling syslog with user supplied fmt. Looks nasty. Sorry, I have no working exploit, I won't have one and I have n...

Дырка в CGI pwc (format string bug)

Ошибка форматной строки при работе с syslog...

another format string bug

There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...

Дырка в Mars_nwe

Ошибка форматной строки при вызове syslog...

FreeBSD-SA-01:02.syslog-ng

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:02 Security Advisory FreeBSD, Inc. Topic: syslog-ng remote denial-of-service Category: ports Module: syslog-ng Announced: 2001-01-15 Credits: Balazs Scheidler Affects:...

ml2 - Local users can Crash processes

include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat", argv1; while accessfoo, FOK == 0 s =...

[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities

Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...

Stunnel format bug

Macaroon Advisory Hi, ppl We have recently discovered a format bug in stunnel= 3.8 in which the log function calls directly the syslog with only two parameters: sysloglevel, text. It should be sysloglevel, "s", text. If a user can pass any string that is written to the log file, he can exploit th...

LPRng can pass user-supplied input as a format string parameter to syslog() calls

Overview A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect known as a "format string vulnerability" which may allow remote users to execute arbitrary code on vulnerable systems. The privileges of such code will probably be...