cscope -- symlink attack vulnerability
cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope...
sircd -- remote reverse DNS buffer overflow
Secunia reports: A vulnerability in sircd can be exploited by a malicious person to compromise a vulnerable system. The vulnerability is caused by a boundary error in the code handling reverse DNS lookups, when a user connects to the service. If the FQDN (Fully Qualified Domain Name) returned is...
mailman XSS in user options page
From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...
mpg123 vulnerabilities
In 2003, two vulnerabilities were discovered in mpg123 that could result in remote code execution when using untrusted input or streaming from an untrusted server...
multiple buffer overflows in xboing
Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...
Cyrus IMAP pre-authentication heap overflow vulnerability
In December 2002, Timo Sirainen reported: Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. ... Note that you don't have to log in before exploiting this, and since Cyrus runs everything under one UID, it's possible to read every user's mail in the system. It is unknown...
leafnode denial-of-service triggered by article request
The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...
pine remote denial-of-service attack
An attacker may send a specially-formatted email message that will cause pine to crash...
icecast 1.x multiple vulnerabilities
icecast 1.3.11 and earlier contained numerous security vulnerabilities, the most severe allowing a remote attacker to execute arbitrary code as root...
tiff -- divide-by-zero denial-of-service
A US-CERT vulnerability note reports: An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition...
security/cfs -- buffer overflow
Debian reports: Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be...
nwclient -- multiple vulnerabilities
Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk. When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed includes passwords and can therefore be used...
pine insecure URL handling
An attacker may send an email message containing a specially constructed URL that will execute arbitrary commands when viewed...
eperl -- Remote code execution
David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...
nap allows arbitrary file access
According to the author: Fixed security loophole which allowed remote clients to access arbitrary files on our system...
pine remotely exploitable buffer overflow in newmail.c
Kris Kennaway reports a remotely exploitable buffer overflow in newmail.c. Mike Silbersack submitted the fix...
CCE contains exploitable buffer overflows
The Chinese Console Environment contains exploitable buffer overflows...
qpopper format string vulnerability
An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID 'mail' privileges...
xloadimage -- buffer overflow in FACES image handling
In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...
squid -- possible abuse of cachemgr.cgi
The squid patches page notes: This patch adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file...
GNU finger vulnerability
GNU security announcement: GNU Finger unfortunately has not been updated in many years, and has known security vulnerabilities. Please do not use it in production environments...
TCP denial-of-service attacks against long lived connections
NISCC / UNIRAS has published an advisory that re-visits the long discussed spoofed TCP RST denial-of-service vulnerability. This new look emphasizes the fact that for some applications such attacks are practically feasible...