7294 matches found

FreeBSD
added 2006/06/14 12:0 a.m. | 24 views

sendmail -- Incorrect multipart message handling

Problem Description A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage. Impact An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles...

5 CVSS | 6.1 AI score | 0.21456 EPSS
Exploits 0

securityvulns
added 2006/04/10 12:0 a.m. | 25 views

Linux Kernel Local DoS vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello. I'd like to present one of Linux Kernel vulnerabilities. As far as I know, this one affects 2.6.x kernels. Problem - -- The problem lies in systimercreate in Linux/kernel/posix-timers.c. Each time user creates a posix timer, some kernel memory ...

0.3 AI score
Exploits 0

Tenable Nessus
added 2006/01/15 12:0 a.m. | 31 views

Ubuntu 4.10 : bogofilter vulnerability (USN-26-1)

Antti-Juhani Kaijanaho discovered a Denial of Service vulnerability in bogofilter. The quoted-printable decoder handled certain Base-64 encoded strings in an invalid way which caused a buffer overflow and an immediate program abort. The exact impact depends on the way bogofilter is integrated int...

5 CVSS | 5.9 AI score | 0.00655 EPSS
Exploits 0 | References 1

NVD
added 2005/11/29 9:3 p.m. | 16 views

CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

5.8 CVSS | 6.2 AI score | 0.0127 EPSS
Exploits 0 | References 14

OpenVAS
added 2005/11/03 12:0 a.m. | 21 views

Sympa < 4.1.3 Privilege Escalation Vulnerability

The remote version of Sympa contains a vulnerability which can be exploited by malicious local user to gain escalated privileges. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.6 CVSS | 6.5 AI score | 0.00098 EPSS
Exploits 0 | References 1

OpenVAS
added 2005/11/03 12:0 a.m. | 14 views

Sendmail DEBUG Mode Leak Vulnerability

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and...

2.1 CVSS | 6.2 AI score | 0.00095 EPSS
Exploits 1 | References 1

NVD
added 2005/11/02 11:3 a.m. | 16 views

CVE-2005-3455

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln 1 APPS01 in Application Install; 2 APPS02 and 3 APPS03 in Application Object Library; 4 APPS05 and 5 APPS06 in Applications...

10 CVSS | 6.5 AI score | 0.02045 EPSS
Exploits 0 | References 8

NVD
added 2005/09/02 11:3 p.m. | 9 views

CVE-2005-2767

Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue .lsq file...

7.5 CVSS | 7.8 AI score | 0.15081 EPSS
Exploits 1 | References 7

Cvelist
added 2005/09/02 4:0 a.m. | 12 views

CVE-2005-2767

Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue .lsq file...

7.8 AI score | 0.15081 EPSS
Exploits 1 | References 7

OSV
added 2005/08/24 4:0 a.m. | 8 views

CVE-2005-2532

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service client disconnection via a large number of packets that can not be decrypted...

5.9 AI score
Exploits 0 | References 7

OSV
added 2005/08/24 4:0 a.m. | 4 views

CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial o...

6.5 AI score
Exploits 0 | References 8

Cvelist
added 2005/08/18 4:0 a.m. | 12 views

CVE-2004-2422

Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service crash via 1 a long sender field to the Queue Manager or 2 a long To field to the Web Messaging component...

6.7 AI score | 0.00337 EPSS
Exploits 0 | References 8

FreeBSD
added 2005/07/27 12:0 a.m. | 29 views

openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients

James Yonan reports: If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client...

5 CVSS | 6.3 AI score | 0.01476 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2005/07/16 12:0 a.m. | 24 views

RHEL 3 : cups (RHSA-2005:571)

Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System CUPS provides a portable printing layer for UNIXR operating system...

9.8 CVSS | 5.3 AI score | 0.01521 EPSS
Exploits 1 | References 3

RedHat Linux
added 2005/07/14 5:48 p.m. | 29 views

Moderate: Red Hat Security Advisory: cups security update

Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System CUPS provides a portable printing layer for UNIXR operating system...

9.8 CVSS | 5.7 AI score | 0.01521 EPSS
Exploits 1 | References 2

Cvelist
added 2005/06/28 4:0 a.m. | 13 views

CVE-2002-1939

FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties...

6.4 AI score | 0.00098 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2005/05/28 12:0 a.m. | 38 views

Fedora Core 3 : kernel-2.6.11-1.27_FC3 (2005-392)

Tue May 17 2005 Dave Jones - Remove the unused and outdated Xen patches from the FC3 tree. - Mon May 16 2005 Dave Jones - Rebase to 2.6.11.10, fixing CVE-2005-1264 - Thu May 12 2005 Dave Jones - Rebase to 2.6.11.9, fixing CVE-2005-1263 - Tue May 10 2005 Dave Jones - Fix two bugs in x86-64 page...

7.2 CVSS | 5.7 AI score | 0.00091 EPSS
Exploits 3 | References 1

Cvelist
added 2005/03/12 5:0 a.m. | 19 views

CVE-2005-0719

Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service process crash for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd...

6.2 AI score | 0.00091 EPSS
Exploits 0 | References 4

securityvulns
added 2005/03/10 12:0 a.m. | 36 views

[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBTU01109 REVISION: 0 SSRT4891 rev.0 - HP Tru64 UNIX message queue, local Denial of Service DoS NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The...

Exploits 0

securityvulns
added 2005/03/10 12:0 a.m. | 22 views

HP Tru64 Unix message queue DoS

Denial of service with system message queue interface...

1.9 AI score
Exploits 0 | References 1 | Affected Software 1