2661 matches found
ICMP-based blind connection-reset attack
Folks, Here's the packet trace and the explanation of an ICMP-based blind connection-reset attack. In our sample scenario, a web-client 10.0.0.1, TCP port 3270 is downloading a file from a web-server 192.168.0.1, TCP port 80. If the TCP/IP implementations of both end-points are vulnerable, you can...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR...
CVE-2003-1135
CVE-2003-1135 concerns Yahoo! Messenger 5.6, where a buffer overflow in the sendfile handling can be triggered by a crafted file send request containing a large number of percent characters after the Yahoo ID. The issue is described as a denial of service (crash). Connected sources consistently i...
CVE-2005-0981
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter...
CVE-2005-1020
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a sen...
CVE-2004-0961
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes...
CVE-2004-0971
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-2529
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities...
security flaw
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function...
security flaw
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition...
woolchat.txt
Hi, I found a bug in WoolChat (a popular Japanese IRC client, http://www.vector.co.jp/soft/win95/net/se091872.html) which allows anyone to kill a victim's WoolChat. It has a problem handling the DCC SEND query, so if a file name of 260 or more bytes is specified, it exits immediately with an error dialog. DoS...
security flaw
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...
CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...
DEBIAN-CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...
[SA12967] Kerberos V5 "send-pr.sh" Script Insecure Temporary File Creation
TITLE: Kerberos V5 "send-pr.sh" Script Insecure Temporary File Creation SECUNIA ADVISORY ID: SA12967 VERIFY ADVISORY: http://secunia.com/advisories/12967/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Kerberos V5 http://secunia.com/product/556/ DESCRIPTION: A...
GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh
The remote host is affected by the vulnerability described in GLSA-200410-24 MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the...
MIT krb5: Insecure temporary file use in send-pr.sh
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...