Section:  .. / 0405-advisories  /

Page 1 of 5
<< 1 2 3 4 5 >> Files 1 - 25 of 105
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: ActivePerlSystemBOF.txt
Description:
ActiveState's ActivePerl version 5.8.0 and 5.8.3 on the Win32 platform seems to have a buffer overflow that allows for the crashing of Perl.exe.
Author:Oliver
File Size:57781
Last Modified:May 18 06:19:18 2004
MD5 Checksum:ca10a27ff71f233103693960ea389edd

 ///  File Name: fsc-2004-1.shtml
Description:
F-Secure Security Bulletin FSC-2004-1 - Certain malformed LHA archives cause a buffer overflow when scanning them for viruses. The error typically causes a restart of one of the modules in the product. This leads to performance degradation and makes denial of service attacks possible. Product lines affected: F-Secure Internet Security 2004, F-Secure Anti-Virus 2004, Solutions based on F-Secure Personal Express 4.6x and 4.7x.
Homepage:http://www.f-secure.com/security/fsc-2004-1.shtml
File Size:16901
Last Modified:May 27 01:37:27 2004
MD5 Checksum:853fa2a7a72dbfb7afae1b4645b4c8ee

 ///  File Name: advisory_private_key_compromise.htm..>
Description:
Blue Coat Security Gateway OS (SGOS) 3.x releases suffer from a private key disclosure vulnerability where the key and passphrase are stored in clear text when being imported via the web-based management console.
Homepage:http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html
File Size:16518
Last Modified:May 19 01:56:45 2004
MD5 Checksum:bb393fcd549f928a4e2e1c9101875f59

 ///  File Name: livecd91.txt
Description:
SuSE Security Announcement - A configuration error on the SuSE Live CD version 9.1 allows for a passwordless, remote root login to the system via ssh, if the computer has booted from the Live CD and if it is connected to a network.
Homepage:http://www.suse.com/
File Size:15223
Last Modified:May 9 20:09:45 2004
MD5 Checksum:dee5f18f339847c8fd8db99eb54d2f4d

 ///  File Name: 20040507-01-P.txt
Description:
SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.
Homepage:http://support.sgi.com/
File Size:14887
Related CVE(s):CAN-2004-0134
Last Modified:May 26 23:33:25 2004
MD5 Checksum:bca7813ef568a2aec8061ef1c2246dda

 ///  File Name: dsa-498.txt
Description:
Debian Security Advisory DSA 492-1 - Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilized in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:11392
Related CVE(s):CAN-2004-0421
Last Modified:May 4 01:08:28 2004
MD5 Checksum:82a946c0babb489599d8c36fe6ed9ee7

 ///  File Name: 20040503-01-P.asc
Description:
SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.
Homepage:http://www.sgi.com/support/security/
File Size:9061
Last Modified:May 19 01:46:47 2004
MD5 Checksum:e771b7ecc64247707f40f03dc5da3f98

 ///  File Name: 802.11vuln.txt
Description:
AUSCERT Advisory - A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices.
Homepage:http://www.auscert.org.au/
File Size:8280
Last Modified:May 18 05:41:35 2004
MD5 Checksum:c72c436cc778a5c208a7754dba4d14f2

 ///  File Name: 2425ouch.txt
Description:
The usage of the SCTP implementation in all versions prior to 2.4.26 of the Linux kernel are susceptible to an integer overflow.
Author:shaun2k2
File Size:8272
Last Modified:May 12 08:04:05 2004
MD5 Checksum:c881d6cde8786e43e23bca98e79c8868

 ///  File Name: eEye.symantecNBNS1.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in the Symantec firewall product line that would allow a remote, anonymous attacker to execute arbitrary code on a system running an affected version of the product. By sending a single specially-crafted NetBIOS Name Service (UDP port 137) packet to a vulnerable host, an attacker could cause an arbitrary memory location to be overwritten with data he or she controls, leading to the execution of attacker-supplied code with kernel privileges and the absolute compromise of the target. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
Author:Derek Soeder
Homepage:http://www.eeye.com
Related File:eEye.symantecNBNS2.txt
File Size:8098
Last Modified:May 13 21:33:57 2004
MD5 Checksum:a69de10416e0a340595d1431671a5b59

 ///  File Name: waraxe-2004-SA026.txt
Description:
Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross site scripting, and arbitrary directory browsing, to remote command execution on the underlying server.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
File Size:7454
Last Modified:May 4 05:00:51 2004
MD5 Checksum:cd1d70aec83d6377a9d7c484457221d2

 ///  File Name: lha.txt
Description:
LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.
Author:Ulf Harnhammar
File Size:6898
Related CVE(s):CAN-2004-0234, CAN-2004-0235
Last Modified:May 4 06:25:06 2004
MD5 Checksum:031b3444c6323f7d1b41f760f1265411

 ///  File Name: dsa-508.txt
Description:
Debian Security Advisory DSA 508-1 - Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD viewer. xpcd-svga, part of xpcd which uses svgalib to display graphics on the console, would copy user-supplied data of arbitrary length into a fixed-size buffer in the pcd_open function.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:6509
Related CVE(s):CAN-2004-0402
Last Modified:May 26 00:17:54 2004
MD5 Checksum:230dc02db9771dfbfeb854cb7f69cf59

 ///  File Name: 0401.txt
Description:
DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
Author:Joel Eriksson
Homepage:http://0xbadc0ded.org/advisories/0401.txt
File Size:6219
Last Modified:May 7 23:44:21 2004
MD5 Checksum:445eeac5fcf2a83fe07bb922dd565578

 ///  File Name: 000072.html
Description:
An unspecified vulnerability in Mailman versions 2.1.4 and below allow for malicious attackers to retrieve members' passwords.
File Size:5909
Last Modified:May 26 11:38:41 2004
MD5 Checksum:b5cdde1e853645218fbe8b481ee482d7

 ///  File Name: 3COMdos.txt
Description:
SECNAP Network Security Advisory - 3com NBX IP VOIP NetSet(r) Configuration Manager is susceptible to a denial of service attack due to insufficient user input checking.
Author:Michael Scheidell
File Size:5832
Last Modified:May 4 01:05:43 2004
MD5 Checksum:3bb7c07af610e897610622095e699a47

 ///  File Name: SSRT4724.txt
Description:
Use Of TCP/IP Reserved Port Zero Causes Integrated Lights-Out (iLO) To Stop Responding. LAN management products that use port zero when accessing an Integrated Lights-Out (iLO) in a ProLiant server will cause iLO to become unresponsive. Port zero is specified as a reserved port by the Internet Engineering Task Force (IETF) and should not be used.
Homepage:http://support.openview.hp.com/
File Size:5723
Last Modified:May 28 03:24:29 2004
MD5 Checksum:b5714e865abdbd6b17af261216dbb94c

 ///  File Name: SSRT4719.txt
Description:
A potential vulnerability has been identified with HP OpenView Select Access which could be exploited to allow a remote user unauthorized access. Versions affected: HP OpenView Select Access 5.0 Patch 4, 5.1 Patch 1, 5.2, and 6.0.
Homepage:http://support.openview.hp.com/
File Size:5561
Last Modified:May 26 23:21:59 2004
MD5 Checksum:55c73c31c850f50aa4aceac74b1a4350

 ///  File Name: eEye.symantecNBNS2.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. There is a remote heap corruption vulnerability in SYMDNS.SYS, a driver that validates NetBIOS Name Service responses, which can lead to execution of arbitrary code for various Symantec products. Successful exploitation of this flaw yields remote kernel access to the system. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
Author:Karl Lynn
Homepage:http://www.eeye.com
Related File:eEye.symantecNBNS1.txt
File Size:5322
Last Modified:May 13 21:35:26 2004
MD5 Checksum:5eb4ad8ec8faad0f8566c38c96c95408

 ///  File Name: 042004.txt
Description:
Privilege escalation is possible for users with access to the systrace device on Net-BSD and Free-BSD.
Author:Stefan Esser
Homepage:http://www.e-matters.de
File Size:5316
Last Modified:May 12 08:33:27 2004
MD5 Checksum:49fa1fca88a85d53ede2e382323be478

 ///  File Name: 1242.html
Description:
A potential local denial of service vulnerability has been discovered in the 2.6 Linux kernel.
Author:Stas Sergeev
File Size:5245
Last Modified:May 11 06:09:56 2004
MD5 Checksum:9ceb1ef13395b37199d6235418a5bc0d

 ///  File Name: TA04-147A.txt
Description:
Technical Cyber Security Alert TA04-147A - A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system. Systems affected: Concurrent Versions System (CVS) versions prior to 1.11.16. CVS Features versions prior to 1.12.8.
Homepage:http://www.us-cert.gov/
File Size:4973
Related CVE(s):CAN-2004-0396
Last Modified:May 28 03:30:26 2004
MD5 Checksum:2e0d84d03979a45b15c596936a0fa348

 ///  File Name: a050304-1.txt
Description:
Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
Author:Dave G., Dino Dai Zovi
Homepage:http://www.atstake.com/research/advisories/2004/a050304-1.txt
File Size:4901
Related CVE(s):CAN-2004-0430
Last Modified:May 7 18:47:14 2004
MD5 Checksum:5de2bae707073a58346e46a1633898bb

 ///  File Name: dsa-510.txt
Description:
Debian Security Advisory DSA 510-1 - jaguar discovered a format string vulnerability in jftpgw, an FTP proxy program, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of the jftpgw server process, which runs as user nobody by default.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4821
Related CVE(s):CAN-2004-0448
Last Modified:May 30 21:59:34 2004
MD5 Checksum:abeaaf252e7640c0ef709f46ea2e206f

 ///  File Name: enpa-sa-00014.html
Description:
Ethereal Security Advisory Enpa-sa-00014 - It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. Versions affected: 0.9.8 up to and including 0.10.3.
Homepage:http://www.ethereal.com
File Size:4784
Last Modified:May 14 17:46:12 2004
MD5 Checksum:8ab2a305da29ab6d24099badba3cc475