1662 matches found
DHCP format tring bug
Format string bug via DNS name on syslog call...
proxytunnel format string bug
Format string bug on syslog...
Speedtouch USB driver for linux format string bugs
Format string bug on syslog call...
Cherokee formatstring bug
Format string bug on syslog call and gile logging in NCSA format, cherokeeloggerncsawritestring...
GLSA-200410-26 : socat: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200410-26 socat: Format string vulnerability socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing...
socat format string bug
syslog format string bug with -ly option...
socat: Format string vulnerability
Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...
socat -- format string vulnerability
Socat Security Advisory 1 states: socat up to version 1.4.0.2 contains a syslog based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some...
Debian DSA-175-1 : syslog-ng - buffer overflow
Balazs Scheidler discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An...
SUS (extended su) format string bug
Format string bug on syslog call...
CVE-2002-1200
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...
CVE-2002-1200
Balabit Syslog-NG is affected by CVE-2002-1200. Affected lines are syslog-ng 1.4.x before 1.4.15 and 1.5.x before 1.5.20. The issue arises from improper buffer size tracking during macro expansion when constant characters are appended to template filenames or output, leading to out-of-bounds writ...
CVE-2002-1200
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute...
Cfengine CAUTH Command Remote Format String
Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...
Lynx < 2.8.5 dev 6 Syslog URI Format String
Binary data 1737.prm...
Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)
A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable...
SUSE-SA:2002:039: syslog-ng
The remote host is missing the patch for the advisory SUSE-SA:2002:039 syslog-ng. The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote...
SSLTelnet format string bug
Format string on syslog in ssltenetd SSLsetverify...
CVE-2004-0448
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages...
CVE-2004-0623
GNU GNATS 4.00 is affected by a format string vulnerability in misc.c that can allow a remote attacker to execute arbitrary code via format specifiers in a string logged by syslog. The CVE-2004-0623 entry notes a high severity (base score 10.0, CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C) with remote, unau...