MidnightBSD

Advisories for samhain_labs

CVE-2004-0159 HIGH

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
samhain_labs hsftp 1.10
samhain_labs hsftp 1.11
samhain_labs hsftp 1.7
samhain_labs hsftp 1.5
samhain_labs hsftp 1.9
samhain_labs hsftp 1.4
samhain_labs hsftp 1.6

CVE-2004-2409 HIGH

Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
samhain_labs samhain 1.8.12a
samhain_labs samhain 2.0.0
samhain_labs samhain 1.8.9
samhain_labs samhain 2.0.1
samhain_labs samhain 1.8.10a
samhain_labs samhain 1.8.11
samhain_labs samhain 1.8.12
samhain_labs samhain 1.8.10
samhain_labs samhain 1.8.10b
samhain_labs samhain 1.8.12b

CVE-2004-2410 LOW

Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
samhain_labs samhain 1.8.12a
samhain_labs samhain 2.0.0
samhain_labs samhain 1.8.9
samhain_labs samhain 2.0.1
samhain_labs samhain 1.8.10a
samhain_labs samhain 1.8.11
samhain_labs samhain 1.8.12
samhain_labs samhain 1.8.10
samhain_labs samhain 1.8.10b
samhain_labs samhain 1.8.12b

CVE-2009-4810 HIGH

The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
samhain_labs samhain 2.3.4
samhain_labs samhain 2.0.0
samhain_labs samhain 2.2.0
samhain_labs samhain 2.0.7
samhain_labs samhain 2.1.2
samhain_labs samhain 2.1.3
samhain_labs samhain 2.5.2
samhain_labs samhain 2.0.4
samhain_labs samhain 2.3.2
samhain_labs samhain 1.8.11
samhain_labs samhain 2.3.5
samhain_labs samhain 2.0.8
samhain_labs samhain 2.0.3
samhain_labs samhain 2.0.10
samhain_labs samhain 2.6.4
samhain_labs samhain 2.0.5
samhain_labs samhain 2.4.2
samhain_labs samhain 1.8.9
samhain_labs samhain 2.3.0
samhain_labs samhain 2.3.7
samhain_labs samhain 2.4.3
samhain_labs samhain 2.3.1
samhain_labs samhain 2.0.2
samhain_labs samhain 2.0.9
samhain_labs samhain 2.1.1
samhain_labs samhain 2.2.3
samhain_labs samhain 2.2.1
samhain_labs samhain 2.4.6
samhain_labs samhain 2.4.4
samhain_labs samhain 2.3.3
samhain_labs samhain 2.3.6
samhain_labs samhain 2.0.1
samhain_labs samhain 2.1.0
samhain_labs samhain 2.2.5
samhain_labs samhain 2.3.8
samhain_labs samhain 2.5.1
samhain_labs samhain *
samhain_labs samhain 2.4.1
samhain_labs samhain 2.2.4
samhain_labs samhain 2.0.6
samhain_labs samhain 2.4.0
samhain_labs samhain 2.4.5
samhain_labs samhain 1.8.12
samhain_labs samhain 1.8.10
samhain_labs samhain 2.5.0
samhain_labs samhain 2.2.2
samhain_labs samhain 2.2.6