CVE-2004-2395
https://notcve.org/view.php?id=CVE-2004-2395
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16180 •
CVE-2004-2396
https://notcve.org/view.php?id=CVE-2004-2396
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16179 •
CVE-2004-2394
https://notcve.org/view.php?id=CVE-2004-2394
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16178 •
CVE-2004-1307
https://notcve.org/view.php?id=CVE-2004-1307
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/539110 http://www.us-cert.gov/cas/techalerts/TA05-136A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 https: •
CVE-2004-1098
https://notcve.org/view.php?id=CVE-2004-1098
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. MIMEDefang de MIME-tools 5.414 permite a atacantes remotos sortear escaner de virus mediante adjuntos en correo electrónico con virus que contengan una cadena de límite vacia en la cabecera Content-Type. • http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:123 http://www.securityfocus.com/bid/11563 https://exchange.xforce.ibmcloud.com/vulnerabilities/17940 •