HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)
Overview: The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description: "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...
HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
Overview: The HP Tru64 UNIX implementation of "lpd" contains a locally exploitable buffer overflow. Description: "lpd" is used to handle the printer spool area. A locally exploitable buffer overflow in "lpd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection
Overview: Novell Netware RCONAG6 allows users to gain access to the server without a password. Description: Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview: The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description: The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations
Overview: The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate file operations and follows symbolic links, allowing a local attacker to overwrite any file that is writeable by the server. The ToolTalk RPC database server typically runs with root privileges...
Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism
Overview: A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description: As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...
Microsoft SQLXML ISAPI filter vulnerable to buffer overflow via contenttype parameter
Overview: A buffer overflow vulnerability exists in the Microsoft SQLXML Internet Services Application Programming Interface (ISAPI) extension for Internet Information Server (IIS). This vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code with LocalSystem...
Cisco ATA-186 Password Circumvention / Recovery
The remote host appears to be a Cisco ATA-186 - an analog telephone adapter used to interface analog telephones to VoIP networks. The adapter is configured via a web interface that has a security bypass vulnerability. It is possible to bypass authentication by sending an HTTP POST request with a...
Microsoft IIS .HTR ISAPI Filter Enabled
The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that, even if you have patched this...
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
Overview: A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to collect fragments of previously processed packets. Description: Many networking devices running Cisco IOS with Cisco Express Forwarding (CEF) enabled contain a...
Compaq web-enabled management software buffer overflow vulnerability
Overview: The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems. Description: The Compaq...
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview: There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description: Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...
SSH CRC32 attack detection code contains remote integer overflow
Overview: There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. Description: There is a remote integer overflow vulnerability in several implementation...
IBM AIX setclock buffer overflow in remote timeserver argument
Overview: There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description: The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...
IBM AIX digest buffer overflow in filename argument to command
Overview: There is a buffer overflow in the digest command that may allow a local attacker to gain root privileges. Description: The digest command is intended to be run by the qdaemon to generate a binary version of the queue configuration daemon information stored in /etc/qconfig. The digest...
IBM AIX nslookup buffer overflow in lex routines
Overview: There is a problem with the nslookup program related to the handling of long strings. Description: This problem is reported to be the result of incorrect bounds checking on the part of the lex routines used in nslookup. This vulnerability is mentioned in an IBM advisory as being exploited...
IBM AIX portmir buffer overflow
Overview: There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description: There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...
Microsoft Windows 2000 Telnet Service allows unprivileged local users to terminate sessions via unprotected system calls
Overview: The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows unprivileged local users to terminate existing telnet sessions. Description: The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute...
Curses library vulnerable to buffer overflow
Overview: The curses library derived from System V contains a buffer overflow. A local user can execute a command that uses this library to exploit the vulnerability and gain elevated privileges. Description: There is a buffer overflow in the curses library that could permit a local user to gain...
Microsoft Windows 2000 Service Control Manager creates predictably named pipes
Overview: A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system. Description: A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More informatio...