Intel® Security Vulnerabilities

Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router Date: 27-05-2002 Impact: A vulnerability in PAT (Port Address Translation) allow access to all ports in the computer behind the router. Author: ...

KPMG-2002018: Pointsec for PalmOS PIN disclosure

Title: Pointsec for PalmOS PIN disclosure BUG-ID: 2002018 Released: 03rd May 2002 Discovered by: Laurens Binken, KPMG IRM, the Netherlands Problem: Pointsec software for PalmOS stores it's authentication credentials in clear-text in memory. These credentials (the PIN code) can be retrieved in a...

IRIX hpsnmpd vulnerability

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: IRIX hpsnmpd vulnerability Number: 20020404-01-P Date: April 24, 2002 Reference: CERT CA-2002-03 Reference: CVE CAN-2002-0012 Reference: CVE CAN-2002-0013 --- Issue...

Security Advisory: Vulnerability in zlib library

Cisco Security Advisory: Vulnerability in the zlib Compression Library Revision 1.0 For Public Release 2002 April 03 16:00 (UTC +0000) Contents Summary Affected Products Details Impact Software Versions and Fixes Obtaining Fixed Software Workarounds Exploitation and Public Announcements Status of.....

IRIX SNMP Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: SNMP Vulnerabilities Number: 20020201-01-P Date: April 3, 2002 Reference: CERT CA-2002-03 Reference: CVE CAN-2002-0013 Reference: CVE CAN-2002-0017 SGI provides this information...

CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)

CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) Name : csSearch.cgi - Remote Code Execution Date : March 25, 2002 Product : csSearch Version : 2.3 (vulnerable) Vuln Type : Access Validation Error Severity : HIGH RISK Vendor :...

IMail Account hijack through the Web Interface

Advisory Title: IMail Account hijack through the Web Interface Release Date: 10/03/2002 Application: IMail Server Platform: Windows NT4 Windows 2000 Windows XP Version: 7.05 or earlier Severity: Malicious users can easily access other people's accounts. Author: Obscure^ [...

Cisco Security Advisory: Data Leak with Cisco Express Forwarding

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Data Leak with Cisco Express Forwarding Enabled Revision 1.0 For Public Release 2002 February 27 08:00 (UTC -0800) Summary All Cisco devices running Cisco IOS® and having Cisco Express Forwarding (CEF) enabled can leak information from...

Multiple vulnerabilities in SNMPv1 request handling

Overview Multiple vendor SNMPv1 GetRequest, GetNextRequest__, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages...

Multiple vulnerabilities in SNMPv1 trap handling

Overview Multiple vendor SNMPv1 _Trap _handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below....

System V derived login contains a remotely exploitable buffer overflow

Overview A remotely exploitable buffer overflow exists in implementations of login, derived from System V. An attacker can use this vulnerability to gain the privileges of the process that invoked login, user root in the cases of in.telnetd, or in.rlogind. We have been able to determine that...

Cisco Security Advisory: IOS ARP Table Overwrite Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS ARP Table Overwrite Vulnerability Revision 1.0 For Release 2001 November 15 08:00 AM US/Pacific (UTC -0700) Summary It is possible to send an Address Resolution Protocol (ARP) packet on a local broadcast interface (for example:.....

Cisco Security Advisory: ICMP Unreachable vulnerability in Cisco 12000 Series

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: ICMP Unreachable vulnerability in Cisco 12000 Series Internet Router Revision 1.0 For Public Release 2001 November 14 08:00 (UTC -0800) ___________ Summary The performance of Cisco 12000 series...

Security Advisory: Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Revision 1.0 For Public Release 2001 November 14 08:00 (UTC -0800) ___________ Summary Six vulnerabilities involving...

Cisco IOS and CatOS fail to properly validate ARP packets thereby overwriting device's MAC address in ARP table

Overview There is a denial-of-service vulnerability in specific versions of Cisco IOS or CatOS. Description A denial-of-service vulnerability exists in specific versions of Cisco IOS or CatOS. This vulnerability can cause the device to crash or become unavailable if specially crafted arp packets...

Stock portfolio sent via clear text in Datek Streamer® application

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 S4R - A Managed Services Company Security - Systems - Storage - Solutions http://www.s4r.com [email protected] Title: Stock portfolio sent via clear text in Datek Streamer® application Date: November 9, 2001 Description Although the user's primary...

3Com® HomeConnect® Cable Modem Denial of Service

INFO: object class Failure to Handle Exceptional Conditions remote Yes local No vulnerable: 3Com® HomeConnect® Cable Modem External with USB (#3CR29223 -- DISCONTINUED) Not Tested: (#3CR29223-A -- DISCONTINUED) DISCUSSION: HomeConnect is and External Cable modem manufactured by 3Com, and...

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set

Overview The Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request

Overview The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges. Description There is a buffer overflow in several implementations of.....

Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp

Overview Cisco IOS contains a vulnerability that allows an intruder to crash the router. Description By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a...

Security Advisory: Cisco IOS PPTP Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS PPTP vulnerability Revision 1.0 For Public Release 2001 July 12 08:00 (UTC -0800) ___________ Summary Point to Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol (IP) network using a...

Security Advisory: IOS HTTP authorization vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Security Advisory: IOS HTTP authorization vulnerability Revision 1.0 - INTERIM For public release 2001 June 27 08:00 (UTC -0800) ___________ Summary When HTTP server is enabled and local authorization is used, it is possible, under some...

Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability Revision 1.0 For Public Release 2001 June 14 at 1500 UTC Summary The Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module allows Telnet access when no password has been set. The correct.....

Security Advisory: IOS Reload after Scanning Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Security Advisory: IOS Reload after Scanning Vulnerability Revision 1.0 For Public Release 2001 May 24 08:00 (UTC -0800) Summary Security Scanning software can cause a memory error in Cisco IOS® Software that will cause a reload to occur. This vulnerability...

Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE

Overview There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. Description There is a problem involving BGP updates on Cisco routers with BGP4 Prefix Filtering and Inbound Route Maps enabled. A route update with an unrecognized transitive attribute.....

RhinoSoft FTP Voyager FtpTree incorrectly marked "safe for scripting"

Overview FTP Voyager is an FTP client implemented as an ActiveX control. It is incorrectly marked as "safe for scripting" allowing malicious web pages or email messages to upload and download files. Description FTP Voyager is an FTP client implemented as an ActiveX control. An ActiveX control may.....

ssh1.crc32.txt

...

Quick Analysiss of the recent crc32 ssh(d) bug

Abstract This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivates using the ssh-1 protocoll. There is a possible overflow during assignemnet from 32bit integer to 16bit wide one leading to unmasked hash...

SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI

= Warped Force Advisory = Author: darkyoda <[email protected]> Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version...

Security Bulletin MS00-100

Microsoft Security Bulletin (MS00-100) Patch Available for “Malformed Web Form Submission” Vulnerability Originally posted: December 22, 2000 Summary Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft® Internet Information...

Advisory: Circumventing Authentication in ALL VPNet VPN Devices

-----------------.---------------------------------------------. /| | . | / | : : : : : : | | | :: ------ :: : :: | :: - |----- | | :: :...

Security Bulletin (MS00-093)

Microsoft Security Bulletin (MS00-093) Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities Originally posted: December 01, 2000 Summary Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer: The...

I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.

Hello everyone, this message is generated after several hours with Symantec Tech support and my personal research of the issue. The issue is confirmed to be a problem by Symantec® . Platform: I-gear 3.5.6 (and 3.5.7-x) for MSP Proxy 2.0 ; Windows NT 4.0 SP6; MSP 2.0 SP1; PowerEdge 2300 dual 450;...

Intel Express Switch 500 series DoS

Intel Express Switch 500 series DoS Advisory Code: VIGILANTE-2000007 Release Date: August 28, 2000 Systems Affected: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64 Based on the response from Intel (quoted below), it is very likely that other switches from the same...

VIGILANTE-2000007

...

IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll

Georgi Guninski security advisory #19, 2000 IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll This advisory describes two vulnerabilites (one is already fixed by Microsoft) but I decided to put them together. Systems affected: IIS 5.0/Windows 2000. Exploited...

TelSrv Reveals Usernames & Passwords After DoS Attack

Details Application: GAMSoft's TelSrv 1.5 (could be more... I don't have time to check, nor do I have the other programs) Problem Type: Denial of Service Attack - Reveals User Names & Passwords Author: Patrick Webster (mailto:[email protected]) Platform: Win95 (could be more again... unable to...

MICROSOFT SECURITY FLAW?

Saturday, May 13, 2000 MICROSOFT SECURITY FLAW? Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. Using the following this can be accomplished with the default installation of Windows 95 and 98 and Internet...

Microsoft Windows 95/Windows for Workgroups - 'smbclient' Directory Traversal

...

Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal

Microsoft Windows 95Windows for Workgroups - smbclient Directory...

Compute Cluster Pack

The Compute Cluster Pack product category will include updates for the Microsoft® Compute Cluster Pack, including service packs, optional updates, and critical or security updates. Updates offered through this category will apply only to computers running Compute Cluster Pack...

Security Update for Microsoft Windows XP (KB828035)

A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® XP and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart...

Security Update for Microsoft Windows 2000 (KB826232)

A security issue has been identified that could allow an attacker to read files or run programs on a computer, running Microsoft® Windows® 2000, that has been used to view an attacker's Web site or has read a specially crafted HTML e-mail. You can help protect your computer by installing this...

Compute Cluster Pack Service Pack 1

Microsoft® Compute Cluster Pack Service Pack 1 (SP1) provides improved reliability and performance for Windows compute clusters. This service pack provides support for Windows Server® 2003 with Service Pack 2 (SP2) and Windows Deployment Services. In addition, this service pack supports the...

Security Update for Microsoft Windows Server 2003 (KB828035)

A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® Server 2003 and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...

Q329390: Security Update

An identified security vulnerability in Windows XP could enable an attacker to compromise a user's Microsoft® Windows®-based computer and gain complete control over it, if the user visited the attacker's web site or took other, less likely, actions. You can help protect your computer from this...

Security Update for Microsoft Windows 2000 (KB825119)

A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® 2000 and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart.....

Security Update for Windows 2000 (815021)

An identified security vulnerability in Microsoft® Windows 2000 could allow an attacker to take control of the computer. This issue is most likely to affect computers used as web servers. You can help protect your computer from this and other identified issues by installing this update from...

Security Update for Windows Server 2003 (819696)

An identified security issue in Microsoft® DirectX® could allow an attacker to run programs on a computer running Microsoft® Windows® Server 2003. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by...

Security Update for Microsoft Windows Server 2003 (KB825119)

A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® Server 2003 and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...