27 matches found
Linux Kernel < 2.6.16.18 (Netfilter NAT SNMP Module) Remote DoS Exploit
Exploit for linux platform in category dos / poc ======================================================================= Linux Kernel Yuri Gushin A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmpparsemangle and the snmptrapdecode...
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service / ecl-nf-snmpwn.c - 30/05/06 Alex Behar Yuri Gushin A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmpparsemangle and the snmptrapdecode functions. After furthe...
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
Microsoft Windows - Malformed IP Options Denial of Service MS05-019 / ecl-winipdos.c - 16/04/05 Yuri Gushin Alex Behar This one was actually interesting, an off-by-one by our beloved M$ : When processing an IP packet with an option size 2nd byte after the option of 39, it will crash - since the...
CVE-2000-0891
The CVE-2000-0891 issue concerns Lotus Notes prior to 5.02 where default ECLs were permissive enough to allow arbitrary code execution when a user opens an email containing a malicious program attached to the message. The underlying cause is a misconfigured ECL that lets an attacker attach a prog...
PT-2001-1156 · Ibm · Lotus Notes Client
Name of the Vulnerable Software and Affected Versions: Lotus Notes Client R5 Description: The issue concerns the Extended Control List ECL feature of the Java Virtual Machine JVM in the affected software. It allows malicious web site operators to determine the existence of files on the client by...
CVE-2000-1117
CVE-2000-1117 affects the Lotus Notes Client R5. The JVM’s Extended Control List (ECL) feature enables a timing side channel via getSystemResource to infer whether a local file exists, by comparing dialog timing when a Java applet accesses local files. An attacker using a malicious applet in the ...
Notes default ECL allows execution of unsigned code
Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...