Oracle Transparent Data Encryption master encryption key stored as plaintext
Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...
VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands
Overview The VMware NAT Service used in multiple VMware products contains a buffer overflow in the way it handles FTP PORT and EPRT commands. An attacker could execute arbitrary code with the privileges of the NAT service or cause a denial of service. Description VMware virtualization software...
mod_ssl fails to properly enforce client certificates authentication
Overview mod_ssl, the Apache web server module for Secure Socket Layer (SSL) communications, may not properly authenticate client certificates. Description mod_ssl provides Secure Socket Layer (SSL) communications for the Apache web server. SSL is designed to provide the ability to encrypt and...
Novell eDirectory iMonitor vulnerable to buffer overflow
Overview Novell eDirectory iMonitor contains a buffer overflow that can be remotely exploited to allow execution of arbitrary code or crash an affected system. Description Novell eDirectory iMonitor is a service for monitoring servers in an eDirectory installation. A buffer overflow exists in...
Microsoft Plug and Play contains a buffer overflow vulnerability
Overview Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in local or remote arbitrary code execution or denial-of-service conditions. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system...
Computer Associates BrightStor ARCserve Backup Agents vulnerable to buffer overflow
Overview Several Computer Associates BrightStor ARCserve Backup Agents contain a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. Backup Agents are availabl...
Mozilla Firefox insecurely handles content from external applications
Overview Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system. Description Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an...
Microsoft Color Management Module buffer overflow during profile tag validation
Overview Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code. Description The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and...
Microsoft Outlook Express vulnerable to remote code execution
Overview A vulnerability in Microsoft Outlook Express's NNTP response parsing may allow an attacker to execute arbitrary code. Description Microsoft Outlook Express contains support for Network News Transfer Protocol NNTP data, which is defined in RFC 977 and RFC 2980. A flaw in Outlook Express'...
Microsoft Client Server Runtime System Vulnerability
Overview The Microsoft Client Server Runtime System CSRSS incorrectly validates certain messages potentially resulting in privilege elevation. Description CSRSS is the user-mode part of the Win32 subsystem. Win32.sys is the kernel-mode portion of the Win32 subsystem. The Win32 subsystem must be...
NotifyLink web client fails to adequately restrict access to administrative functions
Overview The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
SquirrelMail may allow execution of arbitrary code
Overview SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation. Description From the SquirrelMail webpage: SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render i...
Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
Overview Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format (CDF) files. Description From the Microsoft Channel Definition Format description: Channel Definition Format (CDF)...
Opera may insecurely execute binary data encoded in a URI
Overview The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system. Description The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending...
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...
Microsoft Windows processing of zip files contains a buffer overflow
Overview A buffer overflow exists in the way Microsoft Windows processes zip files that may allow remote code execution. Description Microsoft Windows XP and Windows Server 2003 feature the ability to natively handle zip files. Microsoft has released bulletin MS04-034 describing a remotely...
Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems
Overview Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set DBCS systems. This could allow an attacker to spoof the address of a web site. Description Microsoft Internet Explorer contains a canonicalization error when it parses special...
Ethereal fails to properly handle malformed iSNS packets
Overview Ethereal contains a vulnerability in the way it processes Internet Storage Name Service iSNS packets. Description The Internet Storage Name Service iSNS protocol is used to automate the discovery, management, and configuration of iSCSI and Fibre Channel devices in an IP network. Ethereal...
Ethereal fails to properly handle malformed SNMP packets
Overview Ethereal contains a vulnerability in the way it processes Simple Network Management Protocol SNMP packets. Description The Simple Network Management Protocol SNMP protocol enables network and system administrators to remotely monitor and configure devices on the network devices such as...
Ethereal ISUP protocol dissector fails to properly decode ISUP packets
Overview Ethereal fails to properly decode ISDN User Part ISUP packets containing an overly long Interworking Function Address IWFA value. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the wa...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes. This...
Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
Overview A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol ISAKMP implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAK...
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
Overview Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service condition. In Exchange 2000, this could permit an attacker to run arbitrary code. Description Microsoft Exchange is a popular collaboration product which includ...
Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks
Overview A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system. Description Adobe Systems Incorporated describes PDF Portable Document Format as "a universal file format that preserves the fonts, images, graphics, and...
SGI IRIX vulnerable to DoS when user space program calls the PIOCSWATCH ioctl() function
Overview A vulnerability in the SGI IRIX PIOCSWATCH ioctl function may allow local attackers to crash the operating system. Description SGI states that PIOCSWATCH ioctl "establishes or clears a set of watched areas in the traced process." According to SGI Security Advisory 20030603-01-P, a local...
Various Axis products allow unauthorized remote privileged access
Overview A vulnerability in various Axis Communications products may allow unauthorized remote privileged access. Description Axis Communications Inc. produces network-enabled cameras and video servers. The company describes itself as "an innovative market leader in network video and print server...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...
TCP/IP implementations handle unusual flag combinations inconsistently
Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...
Remote Buffer Overflow in Sendmail
Overview There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root. Description Researchers at Internet Security Systems ISS have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an...
SSH Secure Shell for Servers fails to remove child process from master process group
Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without a password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 0.64...
Sun Solaris ptexec does not adequately validate argument passed via -o option
Overview The Sun Solaris ptexec command is subject to a buffer overflow due to not adequately validating arguments passed via the -o option. Description A locally exploitable buffer overflow exists in the ptexec command which is included in the SUNWvts package. This package is not included in the...
Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection
Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...
SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function
Overview The XFS journaling filesystem daemon uses a call to popen(3) with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon (xfsmd) on SGI systems use...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
Uudecode performs inadequate checks on user-specified output files
Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...
Yahoo! Messenger contains buffer overflow in "IMvironment" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "imv" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "imv" field that may permit a remote attacker to execute arbitrary code ...
ISC DHCPD contains format string vulnerability when logging DNS-update requests
Overview The DHCP daemon DHCPD is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon typically root. Description The...
Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters
Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. A remotely exploitable heap overflow exists i...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
klogd does not adequately handle NULL byte when parsing text using LogLine()
Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...
Linux kernel does not properly validate user input via sysctl for negative value
Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...
Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks
Overview Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request for .htr file
Overview A vulnerability exists in Microsoft Internet Information Server IIS which could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable by remote users. Sensitive information contained in such a fi...
statd bounce vulnerability
Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...
Notes default ECL allows execution of unsigned code
Overview Lotus Notes prior to version 5.02 had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...
R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS R Data Serialization format files and .rdx files. An attacker can create malicious RDS...