CVE-2004-0189

CVE-2004-0189 concerns a bug in the URL decoding '%xx' function in Squid 2.5.STABLE4 and earlier that can inject a NULL character into decoded URLs, causing Squid to compare only a portion of the requested URL against ACLs. This can allow bypass of url_regex-based access control lists. Public dis...

Linux kernel integer overflows

integer overflow on write in kNFSd and XDR decoding...

FreeBSD : ripMIME -- decoding bug allowing content filter bypass (164)

The following package needs to be updated: ripmime %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg85e19dffe60611d89b0a000347a4fa7d.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

Check Point VPN-1 products contain boundary error in the ASN.1 decoding library

Overview A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system. Description Check Point VPN-1 Server is a Virtual Private Network VPN application. A buffer overflow...

ripMIME -- decoding bug allowing content filter bypass

ripMIME may prematurely terminate decoding Base64 encoded messages when it encounters multiple blank lines or other non-standard Base64 constructs. Virus scanning and content filtering tools that use ripMIME may therefore be bypassed. The ripMIME CHANGELOG file says: There's viruses going around...

ISS Protection Brief: Checkpoint VPN-1 ASN.1 Decoding Remote Compromise

-----BEGIN PGP SIGNED MESSAGE----- nternet Security Systems Protection Brief July 28, 2004 Check Point VPN-1 ASN.1 Decoding Remote Compromise Summary: ISS has shipped protection for a flaw X-Force has discovered in CheckPoint VPN-1 Server. The Check Point VPN-1 product is widely relied upon to...

Fedora Core 1 : squid-2.5.STABLE3-1.fc1 (2004-104)

Tue Mar 09 2004 Jay Fenlason 7:2.5.STABLE3-1.fc1 - Backport security fix for %00 hole. See CVE-2004-0189: The '%xx' URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL '%00' character, which causes Squid to use only a portion...

Samba SWAT buffer overflow

Buffer overflow in Base64 decoding functions...

Potential Buffer Overrun in SWAT

Description The internal routine used by the Samba Web Administration Tool SWAT v3.0.2 and later to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running...

CVE-2004-0709

HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions...

Multiple Potential Buffer Overruns in Samba

Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool SWAT on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected. Another buffer overflow bug has been found in the code used to support the "mangling...

RHEL 2.1 / 3 : squid (RHSA-2004:133)

An updated squid package is available that fixes a security vulnerability in URL decoding and provides a new ACL type for protecting vulnerable clients. Squid is a full-featured Web proxy cache. A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 an...

FreeBSD : squid ACL bypass due to URL decoding bug (182)

The following package needs to be updated: squid %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg705e003a7f3611d896450020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

RHEL 2.1 : tcpdump (RHSA-2003:033)

Updated tcpdump, libpcap, and arpwatch packages are available to fix an incorrect bounds check when decoding BGP packets and a possible denial of service. Tcpdump is a command-line tool for monitoring network traffic. The BGP decoding routines in tcpdump before version 3.6.2 used incorrect bounds...

HP OpenView Select Access protection bypass

Invalid URL esc-symbols decoding allows user to access protected directory...

[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBMA01045 REVISION: 0 SSRT4719 rev.0 hp OpenView Select Access remote unauthorized access ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin...

HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs

Overview There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access. Description HP OpenView Select Access is a software...

security flaw

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...

Low: Red Hat Security Advisory: : Updated squid package fixes security vulnerability

An updated squid package is avaliable that fixes a security vulnerability in URL decoding and provides a new ACL type for protecting vulnerable clients. Squid is a full-featured Web proxy cache. A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 an...

CVE-2004-0189

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...