3695 matches found
Microsoft Internet Explorer contains buffer overflow in processing of object types
Overview A remotely exploitable vulnerability has been discovered in Internet Explorer. Exploitation of this vulnerability may lead to the execution of arbitrary code. Description A remotely exploitable buffer overflow vulnerability has been discovered in Internet Explorer versions 5.1, 5.5 and...
Mac OS X LDAP plugins transmit user credentials in clear text
Overview Versions 10.2 and later of Apple's MacOS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose users' passwords in plaintext as they're...
SunOS versions of sendmail use popen to return undeliverable mail
Overview Older versions of sendmail (circa 1995) incorrectly used popen to process certain arguments. Description There is a problem with the way that the older (circa 1995) versions of Sun Microsystems, Inc. version of sendmail processes the -oR option. This problem has been verified as existing in...
Sun Ray Smartcard reader may leave desktop session open when card is quickly removed
Overview The Sun Ray Smartcard reader fails to properly detect a "quick removal, reinsertion and removal of a Smartcard." Description The Sun Ray is a thin client computing device designed to process user input and output, and provide access to computing services hosted by a server. Authenticatio...
Yahoo! Audio Conferencing ActiveX control vulnerable to buffer overflow
Overview A remotely exploitable buffer overflow vulnerability has been discovered in the Yahoo! Audio Conferencing ActiveX control. Description The Yahoo! Audio Conferencing ActiveX control is used in the web-based Yahoo! Chat service, as well as in the Win32 Yahoo! Messenger application. There i...
OpenVMS page management vulnerability
Overview Old versions (circa 1993) of OpenVMS and OpenVMS AXP contain a vulnerability related to page management. Description There is a vulnerability related to page management in old versions (circa 1993) of OpenVMS. An exploit for this vulnerability, written in MACRO-32, was available at the time...
GNU screen contains buffer overflow
Overview A locally exploitable buffer overflow exists in GNU screen. An exploit is publicly available for this vulnerability. Description The Free Software Foundation describes GNU Screen as follows: Screen is a full-screen window manager that multiplexes a physical terminal between several...
HP-UX "rexec" command vulnerable to buffer overflow when supplied overly long command line argument to "-l" option
Overview A buffer overflow vulnerability in the rexec program supplied in some versions of the HP-UX operating system could allow local users to gain privileged access. Description The rexec program allows local users to execute commands on remote servers. rexec calls the rexec subroutine to act ...
zlib "gzprintf()" function vulnerable to buffer overflow
Overview A buffer overflow exists in one of the functions included with the zlib compression library. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available. Description The zlib website...
GnuPG contains flaw in key validation code
Overview A vulnerability in GnuPG may cause keys with multiple user IDs to give other user IDs on the key a false amount of validity. Description From the GnuPG homepage: GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data...
HP-UX "kermit" vulnerable to buffer overflow
Overview HP-UX's implementation of kermit contains a buffer overflow which may allow a local attacker to gain elevated privileges. Description From the Kermit Project: Kermit software offers interactive and scripted file transfer and management, terminal emulation, Unicode-aware character-set...
Apple Mac OS X IPSec mechanism fails to handle certain incoming security policies that match by port
Overview Apple's Mac OS X IPSec implementation does not properly filter certain types of IP traffic. Description Apple Mac OS X contains an implementation of the IP Security Protocol (IPSec). A vulnerability in this implementation may allow a remote attacker to exchange traffic with a host that...
Microsoft Internet Explorer does not safely handle multiple file download requests
Overview A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description When Internet Explorer (IE) follows a link to an executable file (.exe), a dialog window is displayed that...
XMMS Remote input validation error
Overview There is an input validation error in the stand-alone SOAP server XMMS Remote which allows unauthorized remote command execution. Description XMMS Remote is a stand-alone XML/SOAP HTTP server implemented in PERL created by X2 Studios. It is used to monitor a running xmms media player...
Kerio Personal Firewall vulnerable to replay attack
Overview Kerio Personal Firewall contains a vulnerability that may allow a remote attacker to replay an administration session. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows: Kerio Personal Firewall (KPF) is a software agent that builds a barrier between your...
Adobe Acrobat does not adequately validate Acrobat JavaScript
Overview Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system. Description Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format (PDF) files. Acrobat...
Ethereal contains integer overflow in Mount dissector
Overview Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Kerio Personal Firewall vulnerable to buffer overflow
Overview Kerio Personal Firewall contains a buffer overflow that may allow a remote attacker to execute arbitrary code. An exploit for this vulnerability is publicly available. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows: Kerio Personal Firewall (KPF) is a...
Ethereal contains multiple one-byte buffer overflows in several dissectors
Overview Ethereal is a network traffic analysis package. Several packet dissectors contain a vulnerability that may cause a denial-of-service situation. Description Several packet dissectors for Ethereal contain a one-byte buffer overflow vulnerability. According to the Ethereal Advisory,...
Ethereal contains integer overflow in PPP dissector
Overview Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Microsoft Windows Media Player fails to properly evaluate URLs when downloading skin files
Overview Microsoft Media Player contains a vulnerability in the parsing of "Skin Files" that may permit a remote attacker to download arbitrary files to a known location on the local system. Description Microsoft Media Player is an application that plays various types of media files. The user can...
Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames
Overview A vulnerability in the way Microsoft Internet Explorer (IE) handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data (i.e. cookie...
Cisco Catalyst switches allow access to "enable mode" without password
Overview Cisco Catalyst OS 7.51 contains a vulnerability that allows anyone who can obtain command line access to gain "enable" mode access without knowledge of the "enable" password. Description Cisco Catalyst OS is an operating system for Cisco's line of Catalyst switches. Version 7.51 of...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator's X session. Description pam_xauth is used to forward xauth keys or cookies between users. From the pam_xauth man page: Without pam_xauth, when xauth is enabled and a user uses the su comman...
Sun ONE Directory Server "ns-ldapd" can be terminated by unprivileged user
Overview A denial-of-service vulnerability exists in the Sun ONE Directory Server. This vulnerability may allow a remote attacker to effectively terminate directory services on the affected host. Description Sun describes the Sun ONE Directory Server as a software product that provides a central...
RealSystem Proxy contains buffer overflow
Overview A buffer overflow vulnerability exists in the RealSystem Proxy. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable host. An exploit exists for this vulnerability and is publicly available. Description RealSystem Proxy is a streaming media proxy-cache...
RealSystem Server contains buffer overflow
Overview A buffer overflow vulnerability exists in the RealSystem Server. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable host. An exploit exists for this vulnerability and is publicly available. Description RealSystem Server is a streaming media server. A...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...
rpc.walld fails to properly validate messages before broadcasting to clients
Overview A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publicly available. Description From the rpc.walld man page: The wall command reads the named file, or, if no filename appears, it reads the standard input until an...
ScriptLogic RunAdmin service can allow users to gain administrative access
Overview There is a vulnerability in version 4.01 of ScriptLogic that may allow local or domain users to gain administrative access to workstations running the ScriptLogic RunAdmin service. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabiliti...
ScriptLogic RPC service allows local users to modify arbitrary registry settings
Overview There is a vulnerability in version 4.01 of ScriptLogic that could allow local users to gain full access to the registry. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain. A vulnerabili...
PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"
Overview There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available. Description From the PopTop web site: PopToP is the PPTP server solution for Linux (ports exist for Solaris 2.6, OpenBSD and FreeBSD and others). A buffer overflow...
tcpdump enters infinite loop when parsing crafted ISAKMP packets
Overview There is a denial-of-service vulnerability in tcpdump that may allow a remote attacker to cause tcpdump to enter an infinite loop. Description tcpdump, a tool used to monitor network traffic, has the ability to capture Internet Security Association and Key Management Protocol (ISAKMP)...
Microsoft Internet Explorer does not adequately validate source of dialog frame
Overview Microsoft Internet Explorer (IE) allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data (i.e. cookies from other web sites). In the presence of other vulnerabilities VU626395,...
Buffer Overflow in URLMON.DLL
Overview A buffer overflow in URLMON.DLL may allow an intruder to execute arbitrary code. Description URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit ...
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...
Buffer Overflow in mod_ssl
Overview A buffer overflow exists in mod_ssl. Description mod_ssl is an Apache module that allows secure connections over X.509 authenticated channels. A buffer overflow exists in the ssl_compat_directive function. For more detailed information, please see the original vulnerability report. --- Impac...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string within the "Transport" field of a SETUP RTSP request
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types via RTSP (Real Time Streaming Protocol). Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execute arbitrary code ...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the "Describe" field
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet via RTSP (Real Time Streaming Protocol). Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execu...
RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet. Vulnerabilities have been discovered in the way it handles some requests from the network. These vulnerabilities could allow a remote attacker to execute arbitrary code on...
Heap overflow in Snort "stream4" preprocessor
Overview The Snort "stream4" preprocessor module contains a vulnerability that allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. Description Researchers at CORE Security Technologies have discovered a remotely exploitable heap overflo...
Microsoft Windows kernel contains stack overflow
Overview A stack overflow vulnerability exists in the Microsoft Windows kernel. Description The kernel is the core or "heart" of any operating system and is responsible for a variety of things, such as managing memory and allocating hardware resources. Entercept's Ricochet Team has discovered a...
Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication
Overview A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication. Description A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve...
SGI IRIX "xfsdump" creates quota information files insecurely
Overview A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected. Description From the xfsdump man page: xfsdump backs up files an...
Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code
Overview The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. Description The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder coul...
Samba contains multiple buffer overflows
Overview Samba contains several buffer overflow vulnerabilities. At least one of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. Description Samba is a widely used open-source implementation of Server Message Block...
Apache vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition. Description The Apache HTTP Server is a very popular...
SETI@home client vulnerable to buffer overflow
Overview A buffer overflow vulnerability in the SETI@home client could allow a remote attacker to execute arbitrary code or cause the SETI@home client to fail. An exploit for this vulnerability is known to exist and may be circulating. Description From the SETI@home website: SETI@home is a...
Eye of Gnome contains format string vulnerability in the file name handling of command line arguments
Overview Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user. Description Eye of Gnome (EOG) is an image viewing application that is part of the...
Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change
Overview Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users. Description Entrus...