3704 matches found
Microsoft IP Source Route Vulnerability
Overview A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in so...
Apple Quicktime JPEG integer overflow
Overview Apple QuickTime fails to properly handle JPEG images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...
Apple Safari fails to properly handle archive files containing symbolic links
Overview Apple Safari fails to properly handle archive files that contain symbolic links, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Symbolic links Symbolic links are...
Microsoft Excel fails to properly perform range validation when parsing document files
Overview Microsoft Excel contains an error in range validation, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate ranges in data files. When a file with a malformed range is opened in Excel,...
Apple Safari vulnerable to buffer overflow
Overview Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. The Problem Apple Safari contains a stack-based...
Apple QuickTime fails to properly handle corrupt TGA images
Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa TGA image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...
Snort Back Orifice preprocessor buffer overflow
Overview A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description Snort is an open-source intrusion detection system IDS. A lack of validation on attacker-controlled...
Microsoft Plug and Play contains a buffer overflow vulnerability
Overview Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in local or remote arbitrary code execution or denial-of-service conditions. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system...
Mozilla insecurely clones objects and member functions
Overview Mozilla fails to enforce security restrictions on cloned base objects. This may allow a remote attacker to execute arbitrary code on a vulnerable web browser. Description Mozilla supports the use of JavaScript to perform client side scripting. JavaScript uses prototyping as a way to...
TCP does not adequately validate segments before updating timestamp value
Overview Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Description The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities chpass, chfn, and chsh to update information in the user database, such as user name,...
Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service
Overview The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service. Description Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the...
Gaim vulnerable to DoS via specially crafted HTML
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
Gaim vulnerable to HTML processing denial of service
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
Apple Mac OS X vulnerable to information disclosure in "Message-ID" header
Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...
Microsoft Windows Program Group Converter vulnerable to buffer overflow
Overview Microsoft Program Group Converter contains a buffer overflow that may allow an attacker to execute arbitrary code. Description Microsoft describes Program Group Converter grpconv.exe as a application to "convert Program Manager Group files .grp extention that were created in Windows 3.1,...
Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems
Overview Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set DBCS systems. This could allow an attacker to spoof the address of a web site. Description Microsoft Internet Explorer contains a canonicalization error when it parses special...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image files
Overview A vulnerability in the way the Microsoft Windows Graphics Rendering Engine processes certain types of image files could allow an attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the domremap call that allows software to create a virtual memory area VMA with a length of 0 bytes. This...
NTP service vulnerable to internal overflow if date / time offset is greater than 34 years
Overview NTP Network TIme Protocol contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time with a reference server. The server wi...
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Overview Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media. Description The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as...
Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
Overview A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol ISAKMP implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAK...
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
Microsoft Windows BR549.DLL ActiveX control contains vulnerability
Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...
IRISconsole allows login to the "iceadmin" account with incorrect password
Overview SGI IRIS console contains a vulnerability which may allow a local attacker to gain elevated privileges. Description SGI describes IRISconsole as a "central control point that manages and monitors servers and logs their activity." A vulnerability in IRISconsole may allow a local attacker ...
Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet
Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...
Sun Java Runtime Environment allows untrusted applets to access information within trusted applets
Overview The Sun Java Runtime Environment JRE contains a vulnerability that may lead to sensitive information being leaked. Description Sun Microsystems describes the Sun JRE as follows:The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...
TCP/IP implementations handle unusual flag combinations inconsistently
Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...
PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function
Overview The XFS journaling filesystem daemon uses a call to popen3 with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
ISC DHCPD contains format string vulnerability when logging DNS-update requests
Overview The DHCP daemon DHCPD is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon typically root. Description The...
rpc.rwalld contains remotely exploitable format string vulnerability
Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...
Microsoft scriptlet.typlib ActiveX object unsafe for scripting from Internet Explorer
Overview The ActiveX control "scriptlet.typlib" is incorrectly marked "safe for scripting" in Internet Explorer IE versions 4.0 and 5.0, when it is actually unsafe for scripting. Description There exists a vulnerability in the default installation of an ActiveX control named "scriptlet.typlib,"...
Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag
Overview Microsoft Internet Explorer IE permits the remote execution of arbitrary commands via the tag. Description A vulnerability exists in the way that Microsoft Internet Explorer IE handles tags. If the CLASSID CLSID is unrecognized, then Internet Explorer will execute arbitrary commands...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...
TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...
klogd does not adequately handle NULL byte when parsing text using LogLine( )
Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...
Linux kernel does not properly validate user input via sysctl for negative value
Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...
Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks
Overview Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
gpm creates temporary files insecurely
Overview gpm version 1.19.3, which usually runs as root, is vulnerable due to a flaw that allows a local user to exploit a race condition to corrupt files that gpm uses. Description gpm General Purpose Mouse is a program that lets you use the mouse in console mode when not using XWindows. It is...
KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password
Overview kdesu is a interactive interface to the substitute user su command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users. Description kdesu communicates with su using a socket, implemented as a file in /tmp with a predictabl...
Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests
Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...
statd bounce vulnerability
Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...
Notes default ECL allows execution of unsigned code
Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...