Cached malformed SIG record buffer overflow
Overview A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Description A remotely exploitable buffer overflow exists in named. An attacker using...
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states: It is possible to de-reference a NULL pointer for...
Multiple Sun RPC-based libc implementations fail to provide a time-out mechanism when reading data from TCP connections
Overview A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations. Description Multiple vendor Sun RPC-based libc implementations fail to properly read data from TCP connections. As a result, a remote attacker can deny service to system daemons. --- Impact A...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL
Overview Netegrity SiteMinder does not adequately validate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...
webalizer vulnerable to buffer overflow when performing reverse DNS lookups
Overview A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10. Description webalizer is a web server log file analysis program. webalizer has the ability to resolve hostnames as part of the process of generating reports. A buffer overflow exists in th...
Microsoft Windows 2000 SNMP service leaks memory when querying printer objects if spooler service is stopped
Overview A memory leak exists in the Windows 2000 SNMP service. Under a specific precondition, it can result in a remote denial-of-service vulnerability. Description If the SNMP service is running on a Windows 2000 server, and the 'Print Spooler' service is not running, repeatedly using SNMP...
Kerberos administration daemon vulnerable to buffer overflow
Overview Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. Description A remotely exploitable buffer overflow exists in the Kerber...
Avaya switches contain multiple undocumented accounts allowing full administrative access to the device
Overview Multiple Avaya switches do not adequately protect privileged access. Description Avaya's P882, P880, P580, and P550R series switches do not adequately protect account access. As a result, a remote attacker can gain access to the switch via http or telnet. --- Impact A remote attacker can...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 (Security Architecture for the Internet Protocol); RFC 2402 (IP Authentication Header); RFC...
gv contains buffer overflow in sscanf() function
Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...
Microsoft Word and Excel documents allow local file reading via embedded fields
Overview Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability. Description Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft...
dvips uses system() function insecurely thereby allowing arbitrary command execution
Overview A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer. RHSA-2002:194-18 states the vulnerability occurs...
State-based firewalls fail to effectively manage session table resource exhaustion
Overview There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. Description Many firewall products use state tables to determine whether a given packet belongs to an existing sessi...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...
Multiple buffer overflow vulnerabilities in QNX
Overview Multiple buffer overflow vulnerabilities have been reported in QNX. Description QNX is an RTOS (Realtime Operating System). QNX is used in many different devices and industries, including, but not limited to: routers, manufacturing and processing, medical equipment, automotive, and...
Microsoft Java implementation JDBC functions do not properly validate parameters
Overview The Java Database Connectivity (JDBC) classes of Microsoft's Java virtual machine (VM) contain functions that do not properly validate parameters. A malicious Java applet can exploit this vulnerability to crash programs on the client system. Description Microsoft's Java VM is installed on...
Microsoft Java implementation JDBC classes do not properly validate DLL requests
Overview The Java Database Connectivity (JDBC) classes of Microsoft's Java virtual machine (VM) do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...
Microsoft Java implementation allows execution of malicious code
Overview A class in Microsoft's Java virtual machine (VM) does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used by Internet Explorer and...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory. Issue: Improper arguments validation in ypxfrd may allow...
Multiple vendors' firewalls do not adequately keep state of FTP traffic
Overview Firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Description Many...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
Apache HTTPD server vulnerable to cross site scripting on error page when using wildcard DNS
Overview Versions of the Apache HTTPD server with wildcard DNS enabled and UseCanonicalName disabled, are vulnerable to a cross-site scripting attack. Description Apache HTTPD servers versions 2.0.42 and prior, and 1.3.26 and prior, with wildcard DNS enabled and UseCanonicalName disabled, are...
ZIP archives containing files with large filenames can cause buffer overflows
Overview Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary. Description Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in...
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability
Overview Microsoft's SmartHTML interpreter (shtml.dll) contains a remotely exploitable vulnerability. Description shtml.dll is a component of FrontPage Server Extensions. FrontPage Server Extensions allow web developers to add or change content and to manage the web server. Quoting from MS02-053, "T...
Microsoft Windows XMLHTTP component allows remote access to local data sources
Overview The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description Description from MS02-008: Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which...
InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow
Overview Microsoft Internet Explorer 4.01 and 5 ship with a series of ActiveX controls to aid in its functionality. Regwiz.dll is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. Description InvokeRegWizard (regwizc.dll) is a control that ships with...
Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks
Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...
Adobe Acrobat eBook Reader allows users to circumvent copying and printing restrictions
Overview A vulnerability in Adobe Acrobat eBook Reader allows local users to circumvent redistribution restrictions placed on an eBook by the publisher. Description The Adobe Acrobat eBook Reader allows one to read electronic books. The eBook Reader employs technology in order to control what the...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. Description A read buffer overflow vulnerability exists in BIND 4 and BIND 8.2.x stub resolver libraries. Other resolver librarie...
DHTML Edit Control for IE5 allows local files to be uploaded to web server
Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an ActiveX control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...
Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames
Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...
Microsoft Exchange 2000 system attendant sets incorrect remote registry permissions
Overview The Microsoft Exchange System Attendant sets the permissions on a registry key incorrectly, allowing remote intruders access to the registry. Description The Microsoft Exchange System Attendant changes the permissions of the...
PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...
SIX-webboard does not adequately validate user input thereby permitting directory traversal
Overview SIX-webboard does not adequately validate user input, allowing directory traversal. Description SIX-webboard 2.01 does not adequately validate the "content" CGI variable, allowing directory traversal out of SIX-webboard's content root directory. Attackers may exploit this vulnerability t...
Microsoft Word does not adequately validate macros embedded within malformed Word documents
Overview There is a vulnerability caused by a failure to detect macros embedded in Microsoft Word documents. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description Microsoft Word versions including Word 2002,...
MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...
Shambala FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command. Description Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside ...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
Microsoft Windows SMTP Service fails to properly handle responses from the NTLM authentication layer
Overview A flaw in the authentication code of the SMTP service provided with Windows 2000 server and Exchange 5.5 may allow a user access to the SMTP service. This access could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)
Overview A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings. Description When a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The...
Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal
Overview Novell GroupWise web application does not adequately validate user input, allowing directory traversal. Description Novell GroupWise server includes a web application that allows users to access e-mail and other features of the server. This component of GroupWise does not properly valida...
Savant Web Server has a buffer overflow vulnerability
Overview Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. Description Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. HTTP requests with long Host headers will cause Savant to crash. --- Impact Remote...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls(1M) creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls(1M) as follows: aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution
Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...
Microsoft Windows 2000 Indexing Services enumerates local file locations via ixsso.query ActiveX object
Overview Index Server 2.0 and the Indexing Service 3.0 contain a vulnerability that may allow remote intruders to gain information about files on the local computer. Description Index Server 2.0 and Indexing Service 3.0 are services that allow information about local files to be queried via a web...
Microsoft Internet Explorer 5.5 print template ActiveX control allows arbitrary command execution
Overview The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page. Description Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to...