CVE-2004-0257
https://notcve.org/view.php?id=CVE-2004-0257
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. OpenBSD 3.4 y NetBSD 1.6 y 1.6.1 permiten a atacantes remotos causar una denegación de servicio (caida) enviand un paquete IPv6 con una MTU pequeña a un puerto en escucha y a continuación un conectar TCP a ese puerto. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016704.html http://marc.info/?l=bugtraq&m=107604603226564&w=2 http://www.guninski.com/obsdmtu.html http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c http://www.osvdb.org/3825 http://www.securityfocus.com/bid/9577 https://exchange.xforce.ibmcloud.com/vulnerabilities/15044 •
CVE-2004-0819
https://notcve.org/view.php?id=CVE-2004-0819
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet. • http://marc.info/?l=bugtraq&m=109345131508824&w=2 http://openbsd.org/errata34.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17129 •
CVE-2004-0492 – httpd mod_proxy buffer overflow
https://notcve.org/view.php?id=CVE-2004-0492
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elección mediante un campo de cabecera HTTP Content-Length negativo, lo que causa que una gran cantidad de datos sean copiados. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://marc.info/?l=bugtraq&m=108711172710140&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://rhn.redhat.com/errata/RHSA-2004-245.html http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html http://secunia.com/advisories/11841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.s •
CVE-2004-0417
https://notcve.org/view.php?id=CVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Desobordamiento de enteros en la orden de protocolo CVS "Max-dotdot" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una caída del servidor, lo que podría hacer que datos temporales permanezcan sin detectar y consumir espacio en disco. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058 http://www.redhat.com/support/errata/RHSA-2004-233.html https:/ •
CVE-2004-0414
https://notcve.org/view.php?id=CVE-2004-0414
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejecución de código arbitrario. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-517 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •