Advisory

No System Group - Advisory #11 - 03/02/05 Program : ngIRCd Homepage : http://arthur.ath.cx/~alex/ngircd/ Operating System : Linux and Unix-Compatible Vulnerable Versions : ngIRCd v0.8.2 and prior Risk : High Impact : Remote Format String Vulnerability DESCRIPTION ngIRCd is a portable IRC daemon written from scratch. It is easy to configure, supports server links (even with original ircds) and runs on hosts with changing IP addresses (such as dial-in networks). Currently supported platforms are AIX, A/UX, Darwin/Mac OS X, FreeBSD, HP-UX, IRIX, Linux, NetBSD, SunOS/Solaris, and Windows with Cygwin. Mo...

No System Group - Advisory #10 - 19/12/04 Program : IBOD/XIBOD ISDN Bandwidth On Demand Daemon Homepage : http://www.datenwelt.net/oss/ibod/ Vulnerable Versions : IBOD/XIBOD 1.5.0 and prior Risk : Low Impact : Local Stack Buffer Overflow Vulnerability DESCRIPTION Ibod is a daemon program for GNU/Linux that constantly monitors the ISDN interface for inbound and outbound traffic throughput. It was originally written by Björn Smith at Compound Systems AB. More informations at: http://www.datenwelt.net/oss/ibod/ DETAILS Ibod is affected by a buffer overflow bug in setattr() function ...

No System Group - Advisory #09 - 12/12/04 Program : Citadel/UX Homepage : http://www.citadel.org Operating System : Linux and Unix-Compatible Vulnerable Versions : Citadel/UX v6.27 and prior Risk : High Impact : Remote Format String Vulnerability DESCRIPTION Citadel/UX is an advanced client/server messaging and collaboration system for BBS and groupware applications. Users can connect to Citadel/UX using any telnet, WWW, or client software. Among the features supported are public and private message bases (rooms), electronic mail, real-time chat, paging, etc. The server is multithreaded and can easily s...

No System Group - Advisory #08 - 15/11/04 Program : Tom's IPX Tunneling Daemon - TipxD Homepage : http://tipxd.sourceforge.net Vulnerable Versions : TipxD 1.1.1 and prior Risk : Low Impact : Local Format String Vulnerability DESCRIPTION tipxd is an IPX tunneling daemon which snoops on a local network for IPX 802.3 traffic, packages it and sends it over one or many TCP/IP connections to tipxd running on remote machines where it is unpacked and sent via the local network. To the IPX networks, it then appears that the LANs are joined. This is a request for testing and big-finding. It is intended for playing IPX based ...

No System Group - Advisory #07 - 18/10/04 Program : Socat Homepage : http://www.dest-unreach.org/socat/ Vulnerable Versions : Socat 1.4.0.2 and below Risk : Low / Medium Impact : Local Format String Vulnerability DESCRIPTION Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (terminal or modem, etc.), socket (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, fo...

No System Group - Advisory #06 - 24/09/04 Program : flc Homepage : http://ucon64.sourceforge.net/ Vulnerable Versions : flc 1.0.4 and prior Risk : Low / Medium Impact : Local Stack Buffer Overflow Vulnerability DESCRIPTION This may be freely redistributed under the terms of the GNU Public License flc lists information about the files in a directory, like 'ls' or 'dir' commands from the fileutils package. But in addition, it shows FILE_ID.DIZ information (from files and archives), ID3 tags (MP3), and MET files (eDonkey or Overnet) It is very useful for FTP admins or people who have a lot to do with f...

No System Group - Advisory #05 - 18/09/04 Program : glFTPd Homepage : http://www.glftpd.com Vulnerable Versions : glFTPd v2.00RC3 and prior Risk : Low / Medium Impact : Local Stack Buffer Overflow Vulnerability DESCRIPTION glFTPd is a very advanced ftp server with lots of possibilities. One of the main differences between many other ftp servers and glFTPd is that it has its own user database which can be completely maintained online using ftp site commands. Using ftp site commands it is also possible to see stats, view logs, execute scripts and do many more things. glFTPd runs within a chroot environment which makes it...

No System Group - Advisory #04 - 28/07/04 Program : Citadel/UX Homepage : http://www.citadel.org Operating System : Linux and Unix-Compatible Vulnerable Versions : Citadel/UX v6.23 and prior Risk : Medium / High Impact : Remote Denial of Service Vulnerability DESCRIPTION Citadel/UX is an advanced client/server messaging and collaboration system for BBS and groupware applications. Users can connect to Citadel/UX using any telnet, WWW, or client software. Among the features supported are public and private message bases (rooms), electronic mail, real-time chat, paging, etc. The server is multithreaded...

No System Group - Advisory #03 - 17/04/04 Program : Cherokee Web Server Homepage : http://www.0x50.org Vulnerable Versions : Cherokee 0.4.16 and prior Risk : Low / Medium Impact : Local Format String Vulnerability DESCRIPTION Cherokee is a tiny, very fast, lightweight Web server. It is implemented entirely in C, and has no dependencies beyond a standard C library. It is embeddable, extensible with plug-ins, and supports on-the-fly configuration by reading files or strings. More informations at: http://www.0x50.org DETAILS Cherokee Web Server is affected by a format string bug in the PRINT_ERROR() function to 66...

No System Group - Advisory #02 - 01/09/03 Program : MPlayer - The Movie Player for Linux Homepage : http://www.mplayerhq.hu Vulnerable Versions : Mplayer v0.91 and prior Risk : Low / Medium Impact : Stack Buffer Overflow DESCRIPTION MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL codecs. More informations at: http://www.mplayerhq.hu DETAILS bash-2.05b$ gmplayer `perl...