Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
Overview Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. Description The CERT/CC has received a report describin...
Cisco CallManager contains memory leak
Overview The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Description The Cisco Call Manager is software to manage telephone calls in a mixed data and voice environment. Specifically, the Cisco Call Manager "extends enterprise telephony featur...
Macromedia Flash Player continues to download flash files until browser is closed
Overview Macromedia Flash 6 does not terminate connections when a web user leaves the page. These connections may consume excessive amounts of bandwidth and limit the flow of other data. Description The Macromedia Flash media format enables frame-based animations with sound to be viewed within a...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout analyzes...
SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function
Overview The XFS journaling filesystem daemon uses a call to popen(3) with unfiltered client-controlled input. This can lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...
SGI IRIX rpc.xfsmd uses weak authentication mechanism for RPC authentication
Overview The XFS file system on SGI systems allows anonymous remote users to call XFS-related RPC functions. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon rpc.xfsmd on SGI systems uses the default AUTH_UNIX authentication mechanism, a client-base...
Nevrona Designs MiraMail stores all configuration and user account information in unencrypted text file
Overview Some versions of MiraMail store usernames and passwords in a text file without using encryption. Description MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plainte...
Buffer-overflow vulnerability in Midnight Commander
Overview The mcedit component of some versions of Midnight Commander contains a buffer-overflow vulnerability. Description Midnight Commander is a file manager for open source operating systems, distributed under the GNU General Public License (GPL). In version 4.5.1 of Midnight Commander, the mced...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications. Magic eDeveloper...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
Multiple vendor implementations of file scanning utilities vulnerable to DoS via compressed file archive
Overview Several file scanning utilities, including some virus scanners, may fail and crash when scanning compressed file archives. Description Many file scanners will decompress compressed file archives in memory so their contents can be scanned. However, some of these scanners do not check if...
Integer overflow in xdr_array() function when deserializing the XDR stream
Overview There is an integer overflow present in the xdr_array() function distributed as part of the Sun Microsystems XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
Overview Buffer overflow vulnerabilities exist in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could execute arbitrary code or cause a deni...
Directory-traversal vulnerability in Mike Spice's My Classifieds CGI script
Overview Some versions of My Classifieds contain a directory-traversal vulnerability that allows attackers to overwrite files. Description My Classifieds is a Perl CGI script, maintained by Mike Spice, that produces dynamic ad listings on a web server and allows users to edit their ads remotely...
ncompress vulnerable to buffer overflow via long filename
Overview Some versions of ncompress contain a buffer-overflow vulnerability. Description Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters. --- Impact By supplying long filenames to ncompress, an attacker may be able to gain local access to the...
Certain implementations of SSH1 may reveal internal cryptologic state
Overview An implementation problem in at least one Secure Shell (SSH) product and a weakness in the PKCS#1 v1.5 public key encryption standard allow attackers to recover the plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...
Oracle Configurator discloses version and host information via "test" argument passed to servlet
Overview A servlet component of Oracle Configurator may post sensitive version and host information to any Web user that makes a crafted request to the server. Description Oracle Configurator is an Internet application used to configure Oracle Application and Database Servers. If a user sends a...
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
Overview Abstract Syntax Notation One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. There is a vulnerability related to ASN.1 that could permit an attacker to cause a denial of service or potentially execute arbitrar...
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. Description Servers running OpenSSL pre-release version 0.9.7 with Kerberos...
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Description OpenSSL clients and servers running on 64-bit platforms prior to version 0.9.6e and pre-release...
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. Description Versions of OpenSSL servers prior to 0.9.6e and pre-release...
OpenSSL clients contain a buffer overflow during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system. Description OpenSSL clients using SSLv3 prior to version 0.9.6e and...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts
Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...
Microsoft SQL Server installation process leaves sensitive information on system
Overview Microsoft SQL Server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain sensitive information such as passwords used during the install. Users with authenticated access to the...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable stack buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable heap buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...
Microsoft SQL Server contains buffer overflow in pwdencrypt() function
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server provides multiple methods for users to authenticate to SQL databases. When SQL Server Authentication is...
Microsoft SQL Server contains SQL injection vulnerability in replication stored procedures
Overview Microsoft SQL Server contains multiple SQL injection vulnerabilities that allow database users to leverage administrative privileges on a single database to execute SQL queries or operating system commands with greater privileges. Description Microsoft SQL Server provides a scripting...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...
Sun iPlanet and ONE Web Servers contain a buffer overflow in the search engine
Overview The Sun iPlanet Web Server and Sun ONE Web Server both ship with a search engine that is not enabled by default. A remotely exploitable buffer overflow exists in the search engine that could permit an attacker to execute arbitrary code on the system. Description The Sun iPlanet Web Serve...
Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default
Overview The DNS resolvers on systems running Microsoft Windows 98, NT, Windows 2000, or Windows XP accept DNS replies from any IP address, not just from the servers to which DNS requests were sent. This may lead to domain information spoofing or DNS cache poisoning. Description Microsoft Windows systems use a caching...
PHP fails to properly parse the headers of HTTP POST requests
Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...
Real Networks RealJukebox2 vulnerable to arbitrary code execution via crafted skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary code by a remote attacker. Description RealJukebo...
Real Networks RealONE Player vulnerable to arbitrary command execution via crafted html in the skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary commands by a remote attacker. Description...
Uudecode performs inadequate checks on user-specified output files
Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via malformed server-side include directive
Overview A buffer overflow in the code that processes server-side include files on IIS 4.0 and IIS 5.0 could allow an intruder to execute code with the privileges of the web server. Description A buffer overflow exists in the code that processes server side include directives on IIS versions 4 an...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange (DDE) is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
eBay web site allows intruders to login to gain unauthorized access to user's information
Overview eBay (www.ebay.com) is a popular online auction site. A vulnerability in the eBay web site prior to April 24, 2002, could have allowed an intruder to gain access to a victim's personal data. Description Prior to April 24, 2002, an intruder may have been able to gain access to certain person...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations
Overview The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate file operations and follows symbolic links, allowing a local attacker to overwrite any file that is writeable by the server. The ToolTalk RPC database server typically runs with root privileges...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file descriptor argument to _TT_ISCLOSE()
Overview The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate a client-supplied argument, allowing attackers to overwrite certain locations in memory with zeros. This vulnerability could be exploited in a number of ways, potentially allowing attackers to:...
Apache Web Server ap_log_rerror() function discloses full path to CGI script
Overview There is a vulnerability in Apache 2.0 through 2.0.35 that could disclose the real path to a CGI script or other file. Description A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security: Added the APLOG_TOCLIENT flag to...
Buffer overflow in Windows Multiple UNC Provider (MUP) service
Overview A buffer overflow in the Microsoft Windows Multiple UNC Provider (MUP) could allow a local user to execute code with system privileges. Description Microsoft Windows recognizes resources identified by the Uniform Naming Convention (UNC). Requests for resources identified by UNC references ar...
Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism
Overview A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...
SGI IRIX contains vulnerability in rpc.passwd allowing for root compromise
Overview There is a vulnerability in rpc.passwd that could allow root compromise. Description /usr/etc/rpc.passwd, part of the nfs.sw.nis subsystem on IRIX 6.5, could permit a root compromise. No other details are available. --- Impact Intruders could gain root access. --- Solution Apply a patch ...