Hewlett-Packard Company MPE/iX FTPSRVR does not properly validate certain commands
Overview A vulnerability in the FTP server included with the MPE/iX operating system may allow a remote attacker to gain unauthorized access. Description MPE/iX is an operating system produced by Hewlett-Packard Company. The FTP server included with MPE/iX (FTPSRVR) contains a vulnerability which m...
gtop daemon contains buffer overflow
Overview A buffer overflow exists in the gtop daemon. Description A buffer overflow in gtopd, specifically permitted(), may allow a remote attacker to execute arbitrary code. For more detailed information, please see Flavio Veloso's analysis. gtop background information: Many Unix systems allow only...
IRISconsole allows login to the "iceadmin" account with incorrect password
Overview SGI IRIS console contains a vulnerability which may allow a local attacker to gain elevated privileges. Description SGI describes IRISconsole as a "central control point that manages and monitors servers and logs their activity." A vulnerability in IRISconsole may allow a local attacker ...
Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address
Overview A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption. Description Postfix is a very popular mail transfer agent (MTA). Michal Zalewski has discovered a denial-of-service...
Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS
Overview A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and...
BEA WebLogic Server code execution paths may cause the current user to be incorrect
Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...
Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...
realpath(3) function contains off-by-one buffer overflow
Overview A function originally derived from 4.4BSD, realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base ma...
Cisco IOS HTTP Server vulnerable to buffer overflow when processing overly large malformed HTTP GET request
Overview The Cisco IOS HTTP Server contains a vulnerability that may permit a remote attacker to execute arbitrary code on the system. Description Cisco IOS ships with an HTTP Server. A buffer overflow vulnerability exists in the HTTP Server and may be exploited if a remote attacker sends a craft...
Microsoft Windows Media Services contains buffer overflow in "nsiislog.dll"
Overview Microsoft Windows Media Services provides streaming audio and video capabilities. A vulnerability in a component of this software could allow a remote attacker to compromise the server running it. Description According to Microsoft Security Bulletin MS03-022: Microsoft Windows Media...
Microsoft Windows RPC service vulnerable to denial of service
Overview A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft has released MS03-039 to address a vulnerability...
SGI IRIX name services daemon (nsd) and modules mishandle AUTH_UNIX gid list
Overview A remotely exploitable vulnerability has been discovered in the "nsd" service for SGI IRIX systems. A remote attacker may be able to gain root access to the vulnerable system. Description A remotely exploitable heap overflow vulnerability has been discovered in a function for the RPC...
Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account
Overview A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point. Description Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN (WLAN) solution, setting the...
Microsoft SQL Server becomes unresponsive when large packet is sent to specific named pipe
Overview A vulnerability in Microsoft SQL Server may allow a local attacker to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft describes SQL Server as, "a fully enterprise-class database product, providing core support for Extensible Marku...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description A buffer overflow...
Microsoft Windows DirectX MIDI library does not adequately validate MThd track values in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate the number of tracks value in Musical Instrument Digital Interface (MIDI) files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial o...
Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of servic...
Microsoft SQL Server vulnerable to buffer overflow
Overview Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code. Description Quoting from Microsoft Security Bulletin MS03-031: A flaw exists in a specific Windows function that may...
Microsoft SQL Server contains flaw in checking method for the named pipe
Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...
Novell NetWare Enterprise Web Server /perl/ handler vulnerable to buffer overflow
Overview Novell NetWare Enterprise Web Server contains a buffer overflow vulnerability that can be exploited via the /perl/ HTTP request handler. A remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the server process. Description Novell...
Solaris systems may crash in response to certain IPv6 packets
Overview Solaris 8 systems that accept IPv6 traffic may be subject to denial of service attacks from arbitrary remote attackers. Description Sun Microsystems has reported that systems running Solaris 8 may encounter a system panic in response to IPv6 packets with certain characteristics. Sun Aler...
Symantec ActiveX control vulnerable to buffer overflow
Overview There is a buffer overflow in a component of Symantec's web-based Security Check. Description Symantec describes Security Check as "a free web-based tool that enables users to test their computer's exposure to a wide range of on-line threats. As part of running the check, users may insta...
Apache stops writing access/error logs after processing "Request-URI" containing "0x1A" characters
Overview A vulnerability in the logging of URI requests may permit a remote attacker to disable logging on an Apache HTTP Server. Version 1.3.27 on Windows systems is reported vulnerable to this issue. Description Apache HTTP Server 1.3.27 running on Win32 systems contains a vulnerability that...
Weaknesses in MIT magic cookie and XDM X Windows authorization
Overview MIT magic cookie and XDM authorization contain vulnerabilities that could allow remote attackers to connect to X displays. Description Two widely used X Window System authorization schemes have weaknesses in their sample implementations. MIT-MAGIC-COOKIE-1 On some systems built without t...
X servers may have insecure default configuration of xhosts
Overview Some X server products (client software for connecting to a host with Xwindows capabilities) may be configured insecurely by default. Description In X windows terminology, the X server is the software which provides "services" to the client, while the X client is the software that makes...
Microsoft Windows Active Directory fails to handle long LDAP requests
Overview A flaw has been discovered in the way that Microsoft's Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability. Description The directory services provided by Microsoft's Active Directory are based on the Lightweight Directory...
Microsoft Windows RPC vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft...
Cisco IOS Interface Blocked by IPv4 Packet
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description Cisco IOS is a very widely deployed network operating system. A vulnerability in IO...
Adobe PDF viewers allow non-certified plug-ins to put viewers into Certified Mode
Overview By default, Adobe PDF viewers will start up and load non-certified plug-ins installed in a local plugins directory. Adobe Reader plug-ins not certified by Adobe, if allowed to load, can execute arbitrary code in the process space of the running viewer. One incremental impact of such...
Microsoft Windows 2000 SMTP service vulnerable to DoS when processing message with corrupted time stamp
Overview Some versions of Microsoft Windows 2000 feature an SMTP service for handling Internet email. A flaw in this SMTP service may result in a denial-of-service vulnerability. Description When a message with a corrupted time stamp is received by a vulnerable system, the SMTP service may stop...
Windows Media Player 9 ActiveX control does not adequately validate access to Windows Media Library
Overview An ActiveX control included with Windows Media Player 9 does not adequately validate script access to the Windows Media Library. This could allow an attacker to read or modify data contained in the library. Description Windows Media Player 9 includes an ActiveX control that can be used t...
Microsoft Windows HTML conversion library vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in a shared HTML conversion library used by Internet Explorer (IE) and other Windows applications. By enticing a victim to view an HTML document using IE, an attacker could execute arbitrary code with the victim's privileges or cause IE to crash...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
Apache Portable Runtime contains heap buffer overflow in apr_psprintf()
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server. Description The Apache HTTP server contains a heap buffer overflow vulnerability in the apr_psprintf() function. The Apache Softwar...
Sun Management Center (SunMC) allows user to create or overwrite arbitrary files
Overview The Sun Management Center (SunMC) contains a vulnerability that could allow an attacker to create or overwrite any file on the system. Description An unknown vulnerability exists in the Sun Management Center (SunMC), according to a Sun Alert Notification. According to that document,...
Cisco VPN 3000 Concentrator may allow access to internal hosts when IPsec over TCP is enabled
Overview A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to access systems that should not be accessible. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed...
Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet
Overview A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed to provide secure...
Cisco VPN 3000 Concentrator vulnerable to DoS via large number of malformed ICMP packets
Overview A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed to provide secure...
Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks
Overview A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system. Description Adobe Systems Incorporated describes PDF (Portable Document Format) as "a universal file format that preserves the fonts, images, graphics, and...
IBM AIX sendmail configured as open mail relay by default
Overview Sendmail shipped with IBM AIX is configured by default as an open mail relay. Unauthenticated, remote users can route mail through such a system. Description Sendmail is a widely used mail transfer agent (MTA) that is included with IBM AIX. According to IBM: The default configuration files...
HP-UX fails to apply standard UNIX filesystem security measures when using OnLineJFS
Overview A vulnerability in OnlineJFS could allow an intruder to gain greater access than expected. Description OnlineJFS "provides the online management of the Journaled File System (JFS), a high-integrity, highly available file system supported by HP-UX." According to Hewlett-Packard, there is a...
Ethereal DCE RPC dissector vulnerable to DoS
Overview A vulnerability in Ethereal may allow a remote attacker to cause a denial of service. Description The Ethereal web site describes Ethereal as "a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can...
IBM AIX vulnerable to DoS
Overview A denial-of-service vulnerability in AIX may allow a remote attacker to consume 100% of the CPU. Description AIX is a UNIX operating system distributed by IBM. A vulnerability in AIX 4.3.3 may allow a remote attacker to cause a denial of service. For more information, please see IBM APAR...
SGI IRIX vulnerable to DoS when user space program calls the PIOCSWATCH ioctl() function
Overview A vulnerability in the SGI IRIX PIOCSWATCH ioctl() function may allow local attackers to crash the operating system. Description SGI states that PIOCSWATCH ioctl "establishes or clears a set of watched areas in the traced process." According to SGI Security Advisory 20030603-01-P, a local...
Sun Java Runtime Environment allows untrusted applets to access information within trusted applets
Overview The Sun Java Runtime Environment (JRE) contains a vulnerability that may lead to sensitive information being leaked. Description Sun Microsystems describes the Sun JRE as follows: The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets...
Sun Solaris "/usr/lib/utmp_update" contains buffer overflow
Overview A vulnerability in Sun Solaris "/usr/lib/utmp_update" may allow a local attacker to gain superuser privileges. Description A buffer overflow vulnerability exists in Sun Solaris "/usr/lib/utmp_update". For more information, please see Sun Alert 55260. --- Impact A local attacker may be able...
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
Overview The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user. Description The Linux 2.0 kernel (versions 2.0 through 2.0.39 inclusive) contains an error in the calculation of the size for an ICMP...
Vulnerability in OpenSSH daemon (sshd)
Overview A vulnerability in the OpenSSH daemon (sshd) may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...
Cisco Secure ACS for Windows CSAdmin vulnerable to buffer overflow via login requests
Overview Cisco Secure ACS for Windows contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description Cisco Secure ACS for Windows is an authentication, authorization, and accounting (AAA) server. From Cisco Security...
Various Axis products allow unauthorized remote privileged access
Overview A vulnerability in various Axis Communications products may allow unauthorized remote privileged access. Description Axis Communications Inc. produces network-enabled cameras and video servers. The company describes itself as "an innovative market leader in network video and print server...