1666 matches found
CVE-2000-1165
Balabit syslog-ng is affected by CVE-2000-1165 due to a parsing error in messages that lack a closing > in the priority specifier, allowing remote attackers to cause an application crash (DoS). The available records identify the affected software as Balabit syslog-ng and describe the issue as ...
HylaFAX vulnerability
Hi, I've found classical format bug while I was playing with HylaFAX server v4.1 beta2: $ -u /usr/sbin/hfaxd && /usr/sbin/hfaxd -q 'nn' SUID uucp Segmentation fault It crashes while calling syslog with user supplied fmt. Looks nasty. Sorry, I have no working exploit, I won't have one and I have n...
another format string bug
There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...
Дырка в CGI pwc (format string bug)
Ошибка форматной строки при работе с syslog...
Дырка в Mars_nwe
Ошибка форматной строки при вызове syslog...
FreeBSD-SA-01:02.syslog-ng
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:02 Security Advisory FreeBSD, Inc. Topic: syslog-ng remote denial-of-service Category: ports Module: syslog-ng Announced: 2001-01-15 Credits: Balazs Scheidler Affects:...
ml2 - Local users can Crash processes
include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat", argv1; while accessfoo, FOK == 0 s =...
[SECURITY] [DSA-009-1] multiple stunnel vulnerabilities
Package : stunnel Problem type : insecure file handling, format string bug Debian-specific: no Lez discovered a format string problem in stunnel a tool to create Universal SSL tunnel for other network daemons. Brian Hatch responded by stating he was already preparing a new release with multiple...
Stunnel format bug
Macaroon Advisory Hi, ppl We have recently discovered a format bug in stunnel= 3.8 in which the log function calls directly the syslog with only two parameters: sysloglevel, text. It should be sysloglevel, "s", text. If a user can pass any string that is written to the log file, he can exploit th...
LPRng can pass user-supplied input as a format string parameter to syslog() calls
Overview A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect known as a "format string vulnerability" which may allow remote users to execute arbitrary code on vulnerable systems. The privileges of such code will probably be...
DoS possibility in syslog-ng
BalaBit security advisory Advisory ID: BB-2000/01 Package: syslog-ng Versions affected: versions prior to and including 1.4.8 Problem type: remote DoS attack Date: 2000-11-22 1 Background syslog-ng is a portable syslog implementation. Its highlights include regexp based log selection, TCP transpo...
DoS против syslog-ng
Определенная комбинация символов приводи к краху сервиса...
CVE-2000-0583
CVE-2000-0583 affects the vpopmail package: the vchkpw program (versions prior to 4.8) fails to properly cleanse an untrusted format string in a syslog call, enabling remote users to trigger a denial of service by sending a USER or PASS command containing formatting directives. The remediation is...
Format strings: bug #2: LPRng
Hi, SUMMARY ------- LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog wrapper. This is becoming a very common flaw. Details ------- Here is a code excerpt from:...
Format strings: bug #1: BSD-lpr
Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...
irix.telnetd.txt
We've found a very severe vulnerability in the IRIX telnetd service that upon successful exploitation can give remote root access to any IRIX 6.2-6.5.8m,f system. The bug discussed here appeared in IRIX 5.2-6.1 systems and was the result of SGI efforts to patch a security vulnerability reported b...
Conectiva 4.x/5.x / Debian 2.x / RedHat 6.x / S.u.S.E 6.x/7.0 / Trustix 1.x - rpc.statd Remote Format String (2)
// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog' function, a remote...
CVE-2000-0583
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives...
PT-2000-1517 · Vpopmail · Vpopmail
Name of the Vulnerable Software and Affected Versions: vpopmail versions prior to 4.8 Description: The issue is related to the vchkpw program in vpopmail, which does not properly cleanse an untrusted format string used in a call to syslog. This allows remote attackers to cause a denial of service...
fcheck.txt
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...