ssldump Format String Vulnerability
BugTraq ID: 2096
Remote: Yes
Date Published: 2000-12-11
Relevant URL: http://www.securityfocus.com/bid/2096
Summary:

ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla.

A problem exists in ssldump's handling of format strings which could allow the arbitrary execution of code. ssldump requires elevated privileges to listen to traffic crossing the network interface. If it encounters format strings in a URL while monitoring traffic, the program will crash with a segmentation fault. Potentially, this could lead to the overwriting of stack variables and arbitrary execution of code with administrative access, if exploited by a malicious user.

University of Washington Pico File Overwrite Vulnerability
BugTraq ID: 2097
Remote: No
Date Published: 2000-12-11
Relevant URL: http://www.securityfocus.com/bid/2097
Summary:

A vulnerability exists in several versions of University of Washington's Pico, a widely distributed text editor shipped with most versions of Linux / Unix.

Under very specific circumstances, it is possible to cause this version of Pico to overwrite arbitrary files with the privilege level of the victim user. As a result, if the attacker is able to correctly predict the name of the editor's temporary file, the current contents of the editor can be written to key system files or other data to which the user has write privileges. Depending on the user's privilege level, this could have a range of negative impacts on the host's security and operation.

Versions 3.8 and 4.3 of Pico have been confirmed vulnerable. Other versions are likely affected as well.
[ pine contains pico ]

Roaring Penguin PPPoE Denial of Service Vulnerability
BugTraq ID: 2098
Remote: Yes
Date Published: 2000-12-11
Relevant URL: http://www.securityfocus.com/bid/2098
Summary:

Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client often used by ADSL subscribers running Linux or NetBSD.

PPPoE contains a possibly remotely exploitable denial of service vulnerability in its handling of TCP packets when the Clamp_MSS option is used. If PPPoE receives a malformed TCP packet with a "zero-length option", PPPoE will go into an infinite loop. As a result, the ppp connection being supported by PPPoE will time out and be terminated. A manual restart is needed to regain functionality.

This bug has been fixed by Roaring Penguin Software in a new version, see the solutions section.

[ very funny that ADSL is implemented with PPP-over-Ethernet ]
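The PPPoE advisory above turns on how a TCP options walker handles an option's length byte. The following is an added example, not Roaring Penguin's code and not part of the original digest: a sketch of an MSS-clamping routine that validates each length before advancing. The function name `clamp_mss`, the clamp value 1412 and the option bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2 };

/* Clamp the MSS option in a TCP options area to at most `clamp`.
 * Returns 1 if rewritten, 0 if unchanged, -1 if the options are malformed
 * (buffer left untouched). After a 1 the caller must fix the TCP checksum. */
int clamp_mss(uint8_t *opts, size_t len, uint16_t clamp)
{
    size_t i = 0, mss_at = 0;
    int have_mss = 0;

    while (i < len && opts[i] != OPT_EOL) {
        if (opts[i] == OPT_NOP) { i++; continue; }   /* single-byte option */

        /* Every other option is kind, length, data; length counts all of it. */
        if (len - i < 2) return -1;                  /* length byte missing */
        uint8_t olen = opts[i + 1];
        if (olen < 2) return -1;   /* 0 would never advance i; 1 is invalid too */
        if (olen > len - i) return -1;               /* runs past the options */

        if (opts[i] == OPT_MSS) {
            if (olen != 4) return -1;                /* MSS is always 4 bytes */
            mss_at = i + 2;
            have_mss = 1;
        }
        i += olen;
    }
    if (!have_mss) return 0;

    /* Rewrite only after the whole options area has been validated. */
    uint16_t mss = (uint16_t)((opts[mss_at] << 8) | opts[mss_at + 1]);
    if (mss <= clamp) return 0;
    opts[mss_at] = (uint8_t)(clamp >> 8);
    opts[mss_at + 1] = (uint8_t)(clamp & 0xff);
    return 1;
}

int main(void)
{
    /* Constructed option bytes, not captured traffic; 1412 is a sample clamp. */
    uint8_t good[] = {2, 4, 0x05, 0xb4, 1, 3, 3, 7};  /* MSS 1460, NOP, wscale */
    uint8_t bad[]  = {1, 1, 8, 0, 2, 4, 0x05, 0xb4};  /* option with length 0 */
    printf("good: %d\n", clamp_mss(good, sizeof good, 1412));
    printf("bad:  %d\n", clamp_mss(bad, sizeof bad, 1412));
    return 0;
}
```

A walker that adds the length byte to its cursor without the `olen < 2` check stays on the same option forever when that byte is 0, which is the hang the advisory describes.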
