Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function
Overview A vulnerability in some implementations of mod_dav may permit a remote attacker to gain unauthorized access to a web server running mod_dav. Description mod_dav is a module designed to provide DAV capabilities for a web server. A format string vulnerability in some implementations may permi...
Apache vulnerable to DoS via request for MS-DOS device
Overview Systems running the Apache web server under some versions of Microsoft Windows may be vulnerable to a remote denial-of-service condition. Description The Apache HTTP server fails to filter GET requests for MS-DOS style device names. This results in a denial-of-service vulnerability on...
Apache allows arbitrary code execution via crafted POST request containing MS-DOS device name
Overview Due to a flaw in the Apache web server's handling of MS-DOS device names, an attacker may be able to remotely execute code on systems running the Apache web server under some versions of Microsoft Windows. Description The Apache HTTP server fails to filter POST requests for MS-DOS style...
kernel-utils sets insecure permissions on "uml_net" utility
Overview The uml_net utility, part of the kernel-utils package in Red Hat Linux 8.0, was shipped with incorrect permissions. Description User-Mode Linux (UML) is a tool to provide a virtual machine in which to run another copy of Linux. In Red Hat Linux 8.0, the kernel-utils package contains the UML...
AbsoluteTelnet vulnerable to buffer overflow via overly long window title
Overview A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client. Description AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability...
Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function
Overview A vulnerability in Microsoft Internet Explorer (IE) allows remote attackers to read arbitrary files on a vulnerable system. Description A vulnerability in the showHelp() method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the...
Sun Solaris lockd(1M) daemon vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd(1M) daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd(1M) daemon as follows: The lockd utility is part of the NFS lock manager, which suppor...
ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim DHCP server. Description The Internet Software Consortium (ISC) produces a "freely redistributable reference...
MIT Kerberos V5 KDC logging routines use unsafe format strings
Overview Early releases of the MIT Kerberos V5 KDC contain format string vulnerabilities that can be used by unauthenticated remote attackers to conduct denial of service attacks on KDC servers. Description Logging routines in some unspecified versions of the MIT Kerberos V5 Key Distribution Cent...
MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys
Overview MIT Kerberos V5 contains a flaw that allows the controller of one Kerberos realm to impersonate users in a second realm. Description MIT Kerberos V5 releases prior to 1.2.3 contain a vulnerability that allows users from one realm to impersonate users from other non-local realms that use...
MIT Kerberos V5 ASN.1 decoder fails to perform bounds checking on data element length fields
Overview The MIT Kerberos V5 implementation contains an ASN.1 decoding flaw that may allow remote attackers to crash affected Kerberos applications. Description Kerberos V5 protocol messages are defined using Abstract Syntax Notation One (ASN.1), a formal language that allows protocol specification...
Various FTP clients fail to account for pipe (|) characters in default file names
Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" (pipe) character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET (RETR) operation. For example, many FTP clients support syntax...
Web servers enable HTTP TRACE method by default
Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...
Microsoft Locator service contains buffer overflow
Overview A remotely exploitable buffer overflow exists in the Microsoft Locator service. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Locator service "maps logical names to network-specific names". Quoting from...
Sun KCMS library service daemon does not adequately validate location of KCMS profiles
Overview The Sun KCMS library service daemon, kcms_server, does not adequately validate the location of KCMS profile files. This could allow a remote attacker to read arbitrary files on a vulnerable system. Description Sun Solaris contains support for the Kodak Color Management System (KCMS), an...
Microsoft Virtual Machine incorrectly parses the domain portion of URLs containing a colon
Overview Some versions of the Microsoft virtual machine (Microsoft VM) contain a flaw that could allow untrusted Java applets from an attacker's site to be run instead of the trusted applet from the intended site. Description The Microsoft virtual machine (Microsoft VM) enables Java programs to run o...
Concurrent Versions System (CVS) server improperly deallocates memory
Overview A "double-free" vulnerability in the Concurrent Versions System (CVS) server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source...
Microsoft Virtual Machine allows untrusted applets to access the user.dir system property
Overview Some versions of the Microsoft virtual machine (Microsoft VM) contain a flaw that could leak information about the user's system. This flaw could allow malicious Java applets to get information they would normally be denied access to. Description The Microsoft virtual machine (Microsoft VM)...
Microsoft Virtual Machine allows applets write access to the Standard Security Manager
Overview A flaw in the Microsoft virtual machine (Microsoft VM) could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition. Description The Microsoft virtual machine (Microsoft VM) enables Java programs to run on Windows platforms. T...
Sun Solaris AUTH_DES authentication contains vulnerability allowing user to gain escalated privileges
Overview A remotely exploitable privilege escalation vulnerability exists in multiple versions of Solaris. Description RPC requests utilizing AUTH_DES authentication can trigger a privilege escalation vulnerability in multiple versions of Solaris. For more details, please see Sun Alert ID 46944. -...
HP-UX XServer contains privilege escalation vulnerability
Overview A privilege escalation vulnerability exists in the HP-UX 11.22 XServer. Description A privilege escalation vulnerability in the HP-UX 11.22 XServer may allow an attacker to gain elevated privileges. For more details, please see HPSBUX0301-238. --- Impact An attacker may be able to gain...
ISC DHCPD minires library contains multiple buffer overflows
Overview The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits. Descripti...
BEA WebLogic Server "ResourceAllocationException" exception may disclose user password
Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview: BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...
Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters
Overview A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10. Description A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containin...
Network device drivers reuse old frame buffer data to pad packets
Overview Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices. Description The Ethernet standard (IEEE 802.3) specifies a minimum data field si...
Buffer overflow in Microsoft Windows Shell
Overview A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows. Description There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the...
PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in PC-cillin. Description Trend Micro describes PC-cillin as follows: Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use...
GoAhead Web Server discloses source code of ASP files via crafted URL
Overview An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059. Description The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed...
Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization
Overview Secure Shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. A remote attacker could execute arbitrary code with the privileges of the SSH...
Samba contains a remotely exploitable stack buffer overflow
Overview A remotely exploitable stack buffer overflow exists in the Samba server daemon (smbd). Description Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows: The Samba software suite is a collection of programs that...
Microsoft Internet Explorer does not adequately validate references to cached objects and methods
Overview Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zon...
Cobalt RaQ Server Appliances contains vulnerability allowing remote root compromise
Overview A remotely exploitable vulnerability exists in Cobalt RaQ Server Appliances with the Security Hardening Package (SHP) installed. Description The Cobalt RaQ is a Sun Server Appliance. Sun describes the Cobalt RaQ as follows: The Cobalt RaQ™ 4 is a server appliance that provides a dedicated...
wget contains directory traversal vulnerability
Overview The wget utility contains directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant (the client) requests a file while a second participant (the server) provides the requested...
Multiple FTP clients contain directory traversal vulnerabilities
Overview Multiple File Transfer Protocol (FTP) clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant (the client) requests a file while a second participant (the...
Pine MUA contains buffer overflow in addr_list_string()
Overview Pine is a mail user agent (MUA) written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addr_list_string() function...
University of Washington IMAP Server vulnerable to buffer overflow after login
Overview A buffer overflow vulnerability exists in versions of the University of Washington IMAP Server up to and including the imap-2002 release. This vulnerability may allow an authenticated attacker to execute arbitrary code on the mail server with the privileges of the UID of the user running...
Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client
Overview iPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1 SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description Requests made to web servers are routinely logged by the web serve...
Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets
Overview Microsoft Windows Remote Desktop Protocol (RDP) uses a weak algorithm for encrypting packets. Description Microsoft describes RDP as follows: RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual...
Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy
Overview The Sun Solaris priocntl(2) function does not adequately validate a memory structure that specifies the name of a kernel module. As a result, a local attacker could execute arbitrary code with superuser privileges on a vulnerable system. Description The Sun Solaris priocntl(2) function...
SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature
Overview The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in...
Cyrus IMAP Server contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in versions of Cyrus IMAP Server up to and including 2.1.10. This vulnerability may allow a remote attacker to execute arbitrary code on the mail server with the privileges of the Cyrus IMAP Server. Description Cyrus IMAP Server is an e-mail...
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
Overview A remotely exploitable buffer overflow has been discovered in the Solaris X Window Font Service (XFS) daemon, fs.auto. Description ISS X-Force released an advisory today regarding a remotely exploitable buffer overflow in XFS. According to ISS, XFS is installed and running by default on the...
SSH Secure Shell for Servers fails to remove child process from master process group
Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...
Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request
Overview A vulnerability in the Microsoft Data Access Components (MDAC) could lead to remote execution of code with the privileges of the current process, or user. Description Microsoft Data Access Components (MDAC) is a collection of utilities and routines to process requests between databases and...
Alcatel Operating System (AOS) does not require a password for accessing the telnet server
Overview The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's VxWorks operating system without requiring a password. Description During an Nmap audit of the AOS 5.1.1 code that run...
NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 (SSHv1) implementation called Secure Command Shell (SCS). The SCS...
The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used
Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...
Various DNS service implementations generate multiple simultaneous queries for the same resource record
Overview Various implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing. Description Some implementations of DNS services contain a vulnerability...
Overly large OPT record assertion
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states: It is possible to de-reference a NULL pointer for...