3695 matches found
IBM AIX "secldapclntd" daemon authentication vulnerability
Overview A vulnerability in the secldapclntd daemon in IBM's AIX operating system could allow unauthorized remote users to modify accounts on the system. Description According to the IBM bulletin for this issue: "The secldapclntd daemon accepts requests from the LDAP load module, forwards requests...
mkpasswd uses weak random number generator
Overview Mkpasswd generates passwords that are insufficiently random. Description Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...
Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs
Overview Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. A flaw in the version for Windows could allow a remote attacker to execute arbitrary code on a...
Sendmail address parsing buffer overflow
Overview Sendmail contains a buffer overflow in code that parses email addresses. A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. Description Sendmail is a widely used mail transfer agent (MTA). There is a stack overflow vulnerability in code that...
BEA WebLogic Server fails to discard cached authentication information when web applications are updated
Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...
Microsoft Windows RPC service vulnerable to DoS via NULL pointer dereference
Overview The RPC service in Microsoft Windows NT 4.0, 2000, and XP can be terminated by a specially crafted RPC message. A remote attacker could cause a denial of service. Description According to Microsoft Security Bulletin MS03-010, "Remote Procedure Call (RPC) is a protocol used by the Windows...
Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions
Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code (NXDOMAIN, RCODE 3) instead of "No Error" (RCODE 0) when queried for a...
Cryptographic libraries and applications do not adequately defend against timing attacks
Overview Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency...
Multi-Tech ProxyServers ship with null password for administrative access
Overview Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface. Description Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface permitting unauthenticated access via...
HP Tru64 UNIX "dxchpwd" contains buffer overflow
Overview The Hewlett Packard Tru64 "dxchpwd" command contains a locally exploitable buffer overflow. Description The Hewlett Packard Tru64 operating system contains a command, known as "dxchpwd," that allows users to change passwords. This program is vulnerable to a buffer overflow. --- Impact Th...
Blahz-DNS does not properly authenticate users before granting access to various configuration pages
Overview Blahz-DNS does not properly authenticate users. Description Blahz-DNS does not properly authenticate users. As a result, an attacker can gain access to various configuration pages. For more detailed information, please see the ppp-design advisory. --- Impact An attacker can gain access t...
Icecast vulnerable to buffer overflow via long GET request
Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending an overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...
HP Tru64 UNIX "su" command vulnerable to buffer overflow
Overview The Hewlett Packard Tru64 "su" command contains a locally exploitable buffer overflow. An exploit for this vulnerability is known to exist and may be circulating. Description The Hewlett Packard Tru64 operating system contains a command, known as "su," that allows users to assume the...
SGI IRIX sets insecure permissions on "/dev/ipfilter"
Overview A locally exploitable denial-of-service vulnerability in SGI IRIX may allow a local attacker to disrupt network traffic. Description SGI IRIX contains a locally exploitable denial-of-service vulnerability. For more information, please see SGI Security Advisory 20020408-01-I. --- Impact A...
Buffer Overflow in SGI IRIX syslogd
Overview A remotely exploitable buffer overflow in SGI IRIX syslogd may allow an attacker to crash syslogd or execute arbitrary code. Description There is a remotely exploitable buffer overflow in SGI IRIX syslogd. For more detailed information please see SGI Security Advisory 20020405-01-I. ---...
MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets
Overview Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
Cryptographic weakness in Kerberos Version 4 protocol
Overview Several cryptographic vulnerabilities exist in the basic Kerberos Version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
TCP/IP implementations handle unusual flag combinations inconsistently
Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...
IBM Tivoli Firewall Toolbox contains vulnerability
Overview A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment within the firewall system. Description A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been...
Integer overflow in Sun RPC XDR library routines
Overview The XDR library from Sun Microsystems is a widely used implementation for RPC services. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations. Some implementations of standard functions in this...
Adobe Acrobat PDF viewers contain flaw when loading and verifying plug-ins
Overview Acrobat plug-ins can be digitally signed to determine whether they should be loaded by Adobe Acrobat Reader at startup. This digital signature mechanism is not cryptographically strong and allows other potentially-malicious plug-in code to pretend to be certified by Adobe and be executed...
MySQL allows default user to be changed to root via custom "my.cnf" file
Overview MySQL reads configuration options from world-writeable files. This can lead to a remote user gaining elevated privileges. Description A message posted to the bugtraq mailing list details a vulnerability affecting versions of MySQL prior to 3.23.56. MySQL would permit users with 'FILE'...
Buffer Overflow in Core Microsoft Windows DLL
Overview A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0 Terminal Server Edition. This vulnerability, which is being actively exploited on...
Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code
Overview A buffer overflow vulnerability has been discovered in Samba. An updated version has been released. Description A remotely exploitable buffer overflow vulnerability was discovered to affect Samba versions 2.0.x through 2.2.7a. From their bulletin: The SuSE security audit team, in particula...
NetPBM contains multiple buffer overflow vulnerabilities
Overview NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities. Description A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files. ---...
Utah Raster Toolkit contains multiple vulnerabilities
Overview The Utah Raster Toolkit is a graphics library/utility. Several vulnerabilities have been reported in the Utah Raster Toolkit. Description The Utah Raster Toolkit is a graphics library/utility. Several vulnerabilities have been reported in the Utah Raster Toolkit. --- Impact The complete...
Lotus Domino Web Retriever contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability may be exploited via the Lotus Domino Web Retriever. Versions prior to 5.0.12 and 6.0 are affected. Description According to the Rapid7 Advisory: The Lotus Notes/Domino Web Retriever task is responsible for retrieving web pages on behalf of Notes users who...
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...
Lotus Domino Server susceptible to a pre-authentication buffer overflow during Notes authentication
Overview Lotus Domino is vulnerable to a pre-authentication buffer overflow attack during Notes authentication. Description A buffer overflow vulnerability may be exploited during Notes authentication to a Lotus Domino server. Versions prior to 5.0.12 and 6.0 are affected. According to the Rapid7...
The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic.
Overview ISS RealSecure Network Sensor "informational signatures" fail to properly process certain types of DHCP traffic, thereby causing the sensor to crash. Description The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic. If the sensor processes certain typ...
Physical access to a computer system can be used to bypass software-based access control mechanisms
Overview An intruder who gains physical access to a computer system can bypass software-based control mechanisms. Description If an intruder can gain physical access to a computer resource, he can bypass software-based access control mechanisms, install Trojan horses, install hardware to...
Automatic File Content Type Recognition Tool vulnerable to stack overflow
Overview A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file(1) package prior to 3.41. Description The file(1) package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the...
Automatic File Content Type Recognition Tool contains memory allocation problem
Overview A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file(1) package prior to 3.41. Description According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" (AFCTR) tool versions...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
Remote Buffer Overflow in Sendmail
Overview There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root. Description Researchers at Internet Security Systems (ISS) have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an...
Buffer overflow in Snort RPC preprocessor
Overview There is a buffer overflow vulnerability in the RPC preprocessing feature of Snort versions 1.8 through 1.9.0 and 2.0 beta. Description Martin Roesch, the primary Snort developer, described the vulnerability by saying: When the RPC decoder normalizes fragmented RPC records, it incorrectly...
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...
Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests. Description Lotus Domino Web Server contains a vulnerability in...
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
Overview Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Ove...
Lotus Domino Web Server vulnerable to buffer overflow via non-existent "h_SetReturnURL" parameter with an overly long "Host Header" field
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to execute arbitrary code on the server. Description Lotus Domino Web Server contains a vulnerability in the nhttp.exe...
Lotus Notes and Domino COM Object Control Handler contains buffer overflow
Overview Lotus Notes is a client application that provides access to Lotus Domino servers. A vulnerability exists that could permit a remote attacker to cause a user to execute arbitrary code. Description A buffer overflow vulnerability exists in both Lotus Notes clients and Domino Servers...
Lotus iNotes vulnerable to buffer overflow via PresetFields FolderName field
Overview Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description Lotus iNotes Web Access is a database application that provides "access to corporate messaging services and personal...
Lotus iNotes vulnerable to buffer overflow via PresetFields s_ViewName field
Overview Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description Lotus iNotes Web Access is a web-based database application that provides "access to corporate messaging services and...
Oracle9i Application Server MOD_ORADAV Module vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Oracle9i Application Server MOD_ORADAV Module. Description Oracle has described this vulnerability as follows: A potential security vulnerability has been discovered in Oracle9i Application Server. A knowledgeable and...
Oracle9i Database contains remotely exploitable buffer overflow in "TZ_OFFSET" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6. A buffer overflow vulnerability...
Oracle9i Database contains remotely exploitable buffer overflow in "TO_TIMESTAMP_TZ" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6. A buffer overflow exists in...
Oracle9i Database contains remotely exploitable buffer overflow in "ORACLE.EXE"
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6. The buffer overflow exists in a...
Oracle9i Database contains remotely exploitable buffer overflow in "BFILENAME" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle 9i Database: Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6. A buffer overflow exists in...
Yahoo! Mobile service discloses random sensitive information to unauthorized users
Overview The Yahoo! Mobile service contains an information exposure vulnerability. Description The Yahoo! Mobile Service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g., web browsing, email, etc.). A...
Hyperseek 2000 hsx.cgi does not adequately filter user input disclosing directory listings and file contents
Overview iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system. Description A specially crafted URL can disclose the directory listing and files of the target system with read permissions. --- Impact Remote attackers...