3695 matches found
Secure Elements Class 5 AVR client fails to properly validate a message's target CEID
Overview The Secure Elements Class 5 AVR client fails to properly validate a message's target CEID. This makes attacks easier, as the attacker does not need to guess the victim's true CEID. Description Class 5 AVR Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produ...
Multiple vendor SFTP logging format string vulnerability
Overview A logging function used by multiple vendors' SFTP servers contains a format string vulnerability, which may allow an authorized remote attacker to execute arbitrary code or cause a denial of service. Description SFTP SFTP (Secure FTP) is a file transfer application that uses SSH for...
Microsoft WMF memory corruption vulnerability
Overview Microsoft applications fail to properly handle Windows Metafile (WMF) images, potentially allowing a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including WMF images. Windows...
Sun Java Web Start security bypass vulnerability
Overview A vulnerability in Sun Java Web Start may allow an untrusted Java applet or application to bypass security restrictions and execute arbitrary code. Description Java Web Start technology allows Java applications and applets to be executed via HTTP. Remote applications and applets are...
Apple QuickTime TIFF image "StripByteCounts" integer overflow
Overview Apple QuickTime contains an integer overflow vulnerability in the handling of TIFF images, which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that...
RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"
Overview RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Description RSA Authentication Agent software provides access control for networks, web...
Microsoft Object Management DoS Vulnerability
Overview Microsoft Object Management code has a buffer overflow vulnerability that can cause a system to reboot. Description A buffer overflow vulnerability in Microsoft Object Management code exists that could be attacked by sending specially crafted requests locally on an affected operating...
Cisco IOS IPv6 denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System (IOS) includes support for processing Internet Protocol version 6 (IPv6) packets. A vulnerability in the way that IOS handle...
Symantec Brightmail Anti-Spam Spamhunter UTF encoding error
Overview Symantec Brightmail Anti-Spam Spamhunter crashes when trying to convert certain valid character sets to UTF, resulting in a denial-of-service condition. Description Brightmail Anti-Spam Spamhunter is a spam filter designed for corporate environments. The Brightmail Anti-Spam Spamhunter...
Sun Java System Web Proxy Server vulnerable to buffer overflow
Overview Buffer overflow vulnerabilities in the Java System Web Proxy Server may allow remote attackers to execute arbitrary code or cause a denial-of-service condition. Description The Java System Web Proxy Server is a caching HTTP proxy server. A lack of bounds checking in the Java System Web...
Microsoft Windows SMTP component vulnerable to remote code execution
Overview A vulnerability in the mail handling service in some versions of Microsoft Windows could allow a remote attacker to compromise the affected system. Description The Simple Mail Transfer Protocol (SMTP) is the most common protocol for the delivery of electronic mail between systems on the...
MySQL fails to properly handle overly long "scramble" values
Overview There is a buffer overflow vulnerability in the way MySQL handles overly long "scramble" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code. Description MySQL is an open-source database system available for Microsoft Windows, Linux,...
Perl vulnerable to buffer overflow in win32_stat()
Overview A flaw in a standard function in some Perl distributions could allow an attacker to execute arbitrary code on the vulnerable system. Description The stat Perl function, similar to the standard C stat function, returns a list giving the status info for a file. Since the stat function is...
Gaim contains an off-by-one buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim MIME decoder. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature that requires Gaim to decode MIME-encoded data. There is an off-by-one buffer overflow...
Cisco IOS fails to properly process solicited SNMP operations
Overview Cisco IOS contains a vulnerability in the processing of solicited Simple Network Management Protocol (SNMP) operations that may result in memory corruption of the device causing it to reload. Sustained exploitation of this vulnerability could lead to a denial of service condition affect a...
Microsoft Windows ASN.1 library contains a memory management vulnerability
Overview Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code. Description Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By...
Microsoft Windows XP creates tasks with elevated privileges
Overview Microsoft Windows XP contains a vulnerability in the way that tasks are created that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows creates tasks when a user launches an application. A vulnerability in the way that Windows ...
Sun Solaris passwd command allows for privilege escalation
Overview Sun Solaris contains a vulnerability in the passwd(1) command which could allow for privilege escalation. Description The passwd command is used to update a user's authentication tokens. There is a non-specific vulnerability identified in Sun Security Alert ID: 57454. This vulnerability coul...
Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Overview Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description The TIME_ZONE parameter is a session parameter that specifie...
HP-UX shar utility creates files with predictable names in "/tmp" directory
Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...
tcpdump contains vulnerability in ISAKMP decoding routine
Overview tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol (ISAKMP) packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially...
Avaya Argent Office requests 'HoldMusic' file from broadcast address via TFTP
Overview This vulnerability allows unauthenticated users to upload call holding music to affected devices. Description The Avaya Argent Office sends broadcast TFTP requests to obtain a file named "HoldMusic" that is used to supply hold music for customers who dial into the device. Therefore, an...
Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks
Overview The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks. Description The Cisco Lightweight Extensible Authentication Protocol (LEAP) provides an authentication mechanism for...
OpenSSL accepts unsolicited client certificate messages
Overview OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying vulnerabilities in client certificate handling. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general-purpos...
Microsoft Internet Explorer does not safely handle multiple file download requests
Overview A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description When Internet Explorer (IE) follows a link to an executable file (.exe), a dialog window is displayed that...
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...
Microsoft Internet Explorer does not adequately validate references to cached objects and methods
Overview Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zon...
Multiple FTP clients contain directory traversal vulnerabilities
Overview Multiple File Transfer Protocol (FTP) clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant (the client) requests a file while a second participant (the...
Pine MUA contains buffer overflow in addr_list_string()
Overview Pine is a mail user agent (MUA) written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addr_list_string() function...
gv contains buffer overflow in sscanf() function
Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...
dvips uses system() function insecurely thereby allowing arbitrary command execution
Overview A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer. RHSA-2002:194-18 states the vulnerability occurs...
Apache mod_dav module vulnerable to DoS
Overview A denial-of-service vulnerability exists in Apache mod_dav. Description mod_dav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in mod_dav may allow an attacker ...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager (LANMAN) is enabled by default on...
HP Tru64 UNIX "ipcs" contains buffer overflow (SSRT0794U)
Overview The HP Tru64 UNIX implementation of "ipcs" contains a locally exploitable buffer overflow. Description "ipcs" is used to report inter-process communication status. A locally exploitable buffer overflow in "ipcs" may permit a local attacker to gain elevated privileges and execute arbitrar...
Microsoft Windows Terminal Services Advanced Client (TSAC) contains buffer overflow in process that handles input parameters
Overview Microsoft Windows Terminal Services Advanced Client (TSAC) contains a remotely exploitable buffer overflow. Description The Microsoft Windows Terminal Services Advanced Client (TSAC) contains a remotely exploitable buffer overflow. This ActiveX control provides a way to deliver Terminal...
SGI IRIX rpc.xfsmd uses weak authentication mechanism for RPC authentication
Overview The XFS file system on SGI systems allows anonymous remote users to call xfs-related RPC functions. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon rpc.xfsmd on SGI systems uses the default AUTH_UNIX authentication mechanism (a client-base...
Sambar Web Server vulnerable to source code disclosure due to improper parsing of scripts
Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...
Microsoft Remote Access Service API contains additional buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service (RAS) Application Programming Interface (API) allows Windows programs to make dial-up connections to...
Microsoft Internet Explorer contains buffer overflow in handling of gopher replies
Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchical representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...
Oracle Application Server contains format string vulnerability
Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...
Quake II Server performs console variable expansion on client-supplied input values
Overview The Quake II Server contains an information leakage vulnerability that allows remote attackers to gain control of the game server process. Description The Quake II Server responds to console commands from Quake II clients to perform a variety of game and server management functions. Both...
Jana Server does not adequately validate user input thereby allowing directory traversal
Overview Jana Server contains a directory traversal vulnerability. Description Versions 1.4x of Jana Server, a web server for Windows developed by T. Hauck, do not properly filter requests for hexadecimal encodings of ".." (dot-dot) and allow directory traversal out of the HTTP document root...
AOL Instant Messenger vulnerable to buffer overflow via long filename
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM permits users to send files from one peer to another. By sending a file with a long name, it is possible to crash th...
OpenView Network Node Manager contains vulnerability allowing for privilege escalation
Overview The HP Network Node Manager contains a vulnerability that may allow an attacker to gain elevated privileges. Description The Network Node Manager is a networked systems software management package distributed by Hewlett-Packard. A vulnerability in this software package may allow an...
IBM AIX setclock buffer overflow in remote timeserver argument
Overview There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...
Microsoft Windows Index Server discloses sensitive configuration information via crafted request to SQLQHit.asp sample application
Overview Microsoft Windows Index Server ships with an optional sample package. A component of this package, SQLQHit.asp, can disclose sensitive information when sent crafted requests. Description The Microsoft Windows Index Server ships with optional sample files. While these files should never b...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...
IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the IBM VisualAge Professional Version 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encrypted connection program. Some...