May 2002 Advisories & Exploits
May 31 2002
Mnews E-mail and News Reader - buffer overflows exist that may allow local users to gain elevated privileges and remote users to gain access to the system
Shambala Server Discloses Clear Text Passwords to Authenticated Remote Users Via FTP and Also Lets Remote Users Crash the Web Server
Sun Ray Server With Non-Smartcard Mobility Feature May Allow Remote Users with XDMCP Clients to Login to an Arbitrary User's Sun Ray Server Account
Advanced Maryland Automatic Network Disk Archiver (AMANDA) Buffer Overflows May Let Remote Users and Certain Local Users Gain Root Access
phpBB Image Tag Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks Against phpBB Users
May 30 2002
IBM Informix SE Database Buffer Overflow in Processing the 'INFORMIXDIR' Environment Variable May Allow Local Users to Obtain Root Privileges
Caldera CSSA-2002-SCO.23 - Open UNIX 8.0.0 and UnixWare 7.1.1 ftpd allows data connection hijacking via PASV mode.
csPassword Script May Disclose Passwords to Local or Remote Users
Quantum 'Snap Server' Network Attached Storage Device Can Be Crashed By Remote Users
FileZilla FTP Server Discloses Files Outside of the Root FTP Directory to Remote Users
Tcpdump Sniffer Has Buffer Overflow in the Processing of NFS Packets That Allows Remote Users to Crash the Sniffer
Firestorm Network Intrusion Detection System (NIDS) Can Be Crashed By Remote Users Sending Malformed IP Options
ECS K7S5A Mainboard Lack of Access Control on Boot Menu Lets Physically Local Users Make Unauthorized Changes to the Boot Process
HP Software Distributor 'swinstall' Hole Lets Local Users View Files That They Are Not Privileged to View
May 29 2002
Kismet Wireless Network Sniffing Software May Let Local Users Gain Root Access or Remote Users Execute Arbitrary Code on the System
Microsoft MS02-025 - Exchange 2000 flaw in processing a malformed SMTP command allows remote users to deny service to the server
FreeBSD-SA-02:27 - /etc/rc startup script unsafely deletes temporary files when booting, allowing local users to cause arbitrary directory contents to be deleted
FreeBSD-SA-02:26 - accept_filtering() function allows remote users to cause denial of service conditions
Jakarta Tomcat Java Server Default Installation Sample Pages Disclose Information to Remote Users
Gafware CFXImage Cold Fusion Tag Software Has Module ('showtemp.cfm') That Discloses Files on the System to Remote Users
Novell NetWare Enterprise Web Server Default Files Disclose Server Information to Remote Users
Macromedia JRun Server - ISAPI DLL buffer overflow lets remote users execute arbitrary code and could lead to taking full control of the system
'Autorun' Utility for Xandros Desktop Linux Beta Discloses a Portion of Any File to Local Users
Image Display System (IDS) CGI Script Discloses Information About Existing Directories to Remote Users
CERT CA-2002-14 - a remote buffer overflow in Macromedia JRun 3.0 or 3.1 on Windows NT4 or Windows 2000 running IIS versions 4 or 5.
Conectiva CLA-2002:490 - multiple vulnerabilities in Mozilla
May 28 2002
Cisco VPN Linux Client - a local root vulnerability exists in the Cisco VPN client for Linux which allows a user to connect to a Cisco VPN device.
FreeBSD-SN-02:03 - multiple ports packages contain vulnerabilities, including amanda, fetchmail, gaim, gnokii, horde, imap-uw, imp, linux-netscape6, mnogosearch, mpg321, ssh2, tinyproxy, and webmin
Meteor FTP Server Command Processing Bug Lets Remote Authenticated Users Crash the Server
DataWizard FtpQX Server Buffer Overflow Lets Remote Authenticated Users Crash the Service
OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticate to the System
WoltLab Burning Board Forum Lets Remote Users Hijack Newly Assigned User Accounts
3Com OfficeConnect DSL Router Address Translation Hole Lets Remote Users Gain Unauthorized Access to Ports on Hosts Behind the Router
Opera Web Browser Allows Malicious Servers to Silently Retrieve Files from the Victim's System
NetScreen Firewall Can Be Made to Reboot By Remote Users That Send Long Usernames to the Device's Login Screen
CERT CS-2002-02 - quarterly summary of attack trends including those against MS SQL Server, MSN Chat, Cachefs Daemon, MS IIS, Oracle, and more.
May 27 2002
Virtual Programming's VP-ASP Shopping Cart Default Configuration May Disclose Internal Database (Including Credit Card Data) to Remote Users
Redhat RHSA-2002:084-17 - nss_ldap packages fix pam_ldap vulnerability
May 25 2002
Mailman E-mail Discussion List Software Allows Remote Users to Conduct Cross-Site Scripting Attacks
Concurrent Versions System (CVS) Off-by-one Buffer Overflow May Let Local Users Execute Arbitrary Code to Gain Elevated Privileges
PGP Public Key Server Buffer Overflow Lets Remote Users Crash the Service
IRSSI IRC Client for UNIX May Contain a Backdoor in a Certain Version of the Source Code Distribution
TightVNC Virtual Network Computing Software May Disclose Passwords to Local Users and May Allow Remote Users to Crash the Server
Sendmail <= v8.12.3 - the file locking functions contain a local denial of service.
May 24 2002
Microsoft Excel Spreadsheet XML Stylesheet ActiveX Object Flaw Lets Remote Users Create Malicious Excel Spreadsheets That May Execute Arbitrary Code When Opened With the XML Stylesheet Option
Cisco Intrusion Detection System (IDS) Device Manager Bug in Web Access Feature Lets Remote Users View Files on the Sensors
Microsoft Active Directory May Have Bug That Allows Remote Users to Crash the Directory
Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail
Debian 'netstd' Utility Package Has Several Components With Buffer Overflows That Allow Remote Users to Execute Arbitrary Code on the System
LocalWEB2000 Web Server Discloses Password-Protected Files to Remote Users
Pharao Web Portal Software Has Multiple Flaws That Allow Remote Users to Access the System as Any User and to Read Files on the Server
Conectiva CLA-2002:489 - mailman contains cross site scripting vulnerability
May 23 2002
Cisco Security Advisory - Cisco Broadband Operating System (CBOS) for Cisco 600 Series DSL Routers has three vulnerabilities that let remote users crash the routers
Cisco Security Advisory - ATA-186 password disclosure vulnerability
User-Mode Linux (UML) Environment System Call Breakpoint Bug Lets Local Users Execute System Calls on the Host (Outside of the UML Environment)
Microsoft Data Engine (MSDE) Default Configuration Leaves Blank Password for System Administrator Account
Opty-Way Enterprise Glassworks Management Application Installs Microsoft Data Engine Insecurely, Allowing Remote Users to Execute Commands on the System
Compaq Integrated Administrator for Compaq ProLiant Server Blade Enclosure May Allow Authenticated Remote Users to Gain Full Access to the Enclosure Operating System
Sun Solaris - in.talkd is vulnerable to a remote root format string bug which may allow an attacker to gain control
May 22 2002
Microsoft MS02-024 - Windows Debugging Facility for Windows NT4 and 2000 has authentication hole that lets local users execute arbitrary code with SYSTEM Privileges
Cisco Security Advisory - Cisco IP Phones allow remote users to cause the phone to crash and restart and allow physically local users to modify the telephone's configuration
MatuSoft's MatuFtpServer Buffer Overflow Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code on the Server
New Atlanta Communications ServletExec/ISAPI Java Server Can Be Crashed By Remote Users and Discloses the Directory Path and Files in the Web Root Directory to Remote Users
YoungZSoft CMail Server Buffer Overflow Allows Remote Users to Execute Arbitrary Code to Gain Shell Access on the System
IBM DB2 Database Buffer Overflow in 'db2ckpw' Lets Local Users Gain Root Access on the System
Sun Solaris - in.rarpd reverse ARP protocol daemon may let local and remote users gain root access on the system
Deerfield WebSite Pro Windows-based Web Server May Disclose CGI Source Code to Remote Users in Certain Cases
Redhat RHSA-2002:092-11 - The UW imap daemon contains a buffer overflow which allows a logged in, remote user to execute commands on the server with the user's UID/GID.
SuSE-SA:2002:019 - A remote exploitable format string vulnerability was found in the logging routines of the dynamic DNS code of dhcpd. This vulnerability allows an attacker, usually within the LAN served by the DHCP server, to get remote root access to the host running dhcpd.
Gobbles talk.d - a format string vulnerability exists in most talkd implementations, including older linux netkits and KDE 1-3.
May 21 2002
Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash
Fetchmail Client Buffer Overflow May Allow a Remote Mail Server to Execute Arbitrary Code on the Client System
Cisco IOS Can Be Crashed By Remote Users Sending ICMP Redirect Messages
SSH May Allow Authorized Remote Users to Bypass Server Authentication Configuration Settings and Login Using Passwords When the Server is Configured to Prohibit the Use of Passwords
Talkd Format String Hole Lets Remote Users Execute Arbitrary Code on the System
mcNews Forum Software Has Several Bugs That Disclose Files to Remote Users and Allow Remote Users to Conduct Cross-Site Scripting Attacks Against mcNews Users
Xitami Web Server Flaw in Processing Errors May Allow Remote Users to View CGI Source Code
Winamp Media Player May Disclose Certain User Passwords to Local Users
BannerWheel CGI-based Banner Display Management Software Buffer Overflows May Let Remote Users Execute Arbitrary Code Via the Management Interface
Sun AnswerBook2 'gettransbitmap' Buffer Overflow Lets Remote Users Execute Arbitrary Code
Ipswitch's IMail Server Buffer Overflow in LDAP Service Lets Remote Users Execute Arbitrary Code with SYSTEM Level Privileges
Mandrake MDKSA-2002:033 - a vulnerability exists that allows a remote attacker to login to Webmin as any user.
May 20 2002
'bzip2' File Compression Utility May Allow Local Users to Be Able to Read the Contents of Privileged Files
FreeBSD SA-02:24 - K5su kerberos-based su utility fails to limit access to only 'wheel' group users
ViewCVS Web-based CVS Interface Allows Cross-Site Scripting Attacks Against ViewCVS Users
May 18 2002
Xerox DocuTech Publishing System Has Insecure Default Configuration for the System Controllers, Letting Remote Users Take Full Control of the System
Multiple CGI Scripts From CGIScript.net Disclose the Installation Path to Remote Users
May 17 2002
Phorum Bulletin Board Software Has PHP Include Bug in 'plugin.php' That Lets Remote Users Execute Arbitrary PHP Code and Shell Commands on the Server
Quake II Game Server May Disclose Sensitive Information, Including Passwords, to Remote Users
Swatch Log File Monitor Has Bug in the Throttling Code That May Cause Some Events to Be Missed
SonicWALL SOHO Firewall Device Log File Filtering Hole Lets Remote Users on the Local Network Inject Scripting into Log Files for Denial of Service or Potential Cross-Site Scripting Attacks
Hosting Controller Software for Web Hosting Companies Has Input Validation Errors in 'dsnmanager.asp' and 'imp_rootdir.asp' Scripts That Allow Remote Users to View Files on the System and Upload and Copy Files With Administrator Privileges
XMB Group Magic Lantern Forum Software Discloses Log Files and Server Installation Path Information to Remote Users
'sliplogin' Serial Line IP Utility Buffer Overflow May Possibly Allow Local Users to Gain Elevated Privileges
Parallel URL Fetcher ('puf') Format String Error May Let Remote Users Cause Arbitrary Commands to Be Executed
'mpg321' Audio Player Buffer Overflow May Let Remote Users Cause the Player to Execute Arbitrary Code
May 16 2002
SuSE Linux 'shadow' Password Management Utility May Let Local Users Obtain Elevated Group Privileges
Sharutils Package Uudecode Component Fails to Check for Symlinks When Decoding to a Temporary File, Allowing Local Users to Potentially Gain Elevated Privileges
May 15 2002
Microsoft MS02-023 - 6 different fixes for Internet Explorer (IE) including new content-disposition bugs may let remote users execute arbitrary code on the victim's computer. Zone spoofing hole lets remote users create HTML that when loaded may run in a less-secure IE security zone.
WolfMail Perl-based CGI E-mailer Lets Remote Users Send Mail (SPAM) Using Arbitrary 'From' Addresses
Cisco ACNS Content Software - (Cache Engines and Content Engines) may let remote users open unauthorized connections to arbitrary ports and addresses
Cisco Security Advisory - Cisco Content Service Switch (CSS) 11000 can be reset by remote users by improper handling of HTTP POST requests
Opera Browser Frame Location Bug Lets Remote Users Cause Arbitrary Javascript to Be Executed in the Incorrect Security Domain to Access Cookies and Other Sensitive Information
Sun Microsystems SunATM 'atmsnmpd' Daemon Allows Remote Users to Crash the Daemon
Microsoft Internet Explorer Bugs in 'BGSOUND' and 'IFRAME' Tags Let Remote Users Create HTML That Will Cause Denial of Service Conditions or Will Access Special DOS Devices
SuSE-SA:2002:018 - lukemftp ftp client buffer overflow in processing server-supplied PASV commands may allow remote ftp servers to cause arbitrary code to be executed on the ftp client
May 14 2002
NetPad Text Editing CGI Script Input Validation Flaws Let Remote Users View Files and Execute Shell Commands
NOCC PHP-based Webmail Client Software Displays Message Text as HTML Without Filtering, Allowing a Remote User to Access the Victim's Mailbox Using a Cross-Site Scripting Attack
May 13 2002
nCipher MSCAPI CSP Install Wizard Bug May Result in Generated Keys That Are Not Protected By Smart Cards Even if the User Requests This Protection
NetWin DNews News Server Has Unspecified 'Security Fault' That May Allow Remote Users to Access the Management Interface
Gaim Instant Messaging Client Lets Local Users Access the Hotmail Accounts of Other Active Gaim Users
May 11 2002
mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server
Cisco ATA 186 Analog Telephone Adaptor Discloses Device Password to Remote Users and May Also Let Remote Users Modify the Configuration Without Having the Password
AOL Instant Messenger (AIM) Bug in 'aim:AddBuddy' Link Processing May Let Remote Users Cause the AIM Client to Crash
Perl-Digest-MD5 Utility May Result in Incorrect MD5 Checksums When Processing UTF-8 Encoded Characters
May 10 2002
BEA Systems WebLogic Server and Express May Disclose an Administrative Password to Local Users
BEA Systems WebLogic Server Default Management Servlet Discloses the Contents of Files in Certain Subdirectories to Remote Users
4D Webserver v6.7.3 - An attacker can overflow the username or password field in a basic authentication resulting in EIP overwrite and possible arbitrary code execution.
Critical Path inJoin Directory Server 'iCon' Management Interface Allows Cross-Site Scripting Attacks Against Administrators
Critical Path inJoin Directory Server 'iCon' Web Administration Interface Discloses Files on the System to Authenticated Remote Users
uw-imap - University of Washington IMAP Toolkit (uw-imap) has buffer overflow that may let remote users execute arbitrary code with user-level privileges on the system
CERT CA-2002-13 - buffer overflow in Microsoft's MSN Chat ActiveX Control that may permit a remote attacker to execute arbitrary code with permissions of the user.
Novell Border Manager 3.6 SP 1a - three vulnerabilities that can cause a denial of service.
Novell Netware Client v4.83 - The Windows client can allow an attacker to crash any software that relies on name resolution.
Redhat RHSA-2002:081-06 - perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums.
May 9 2002
Yahoo! Messenger Client Discloses Buddy List Contents to Local Users
Cisco BTS 10200 Softswitch Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device or Execute Arbitrary Code
Cisco IP Manager Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device or Execute Arbitrary Code
Cisco Media Gateway Controller (MGC) Product Line Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device
OpenBSD - any local user can fill the kernel file descriptors table, leading to a denial of service, and possibly obtain root access.
Novell NetWare 6.0 SP1 - FTP Server errors in handling unexpected input let remote users cause the server to consume all available CPU resources
Usermin Session ID Spoofing Hole May Allow Remote Users to Gain Root Access to the System
Webmin Session ID Spoofing Hole May Allow Remote Users to Gain Root Access to the System
Network Associates PGP 'Wipe Deleted Files' Option Fails to Wipe Clear Text Temporary Files Used by the Windows 2000 Encrypted File System Feature
SGI 'fsr_xfs' XFS Filesystem Reorganizer May Let Local Users Obtain Root Access
Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks
Mandrake MDKSA-2002:030 - iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets
Redhat RHSA-2002:086-05 - Netfilter ("iptables") can leak information about how port forwarding is done in unfiltered ICMP packets.
May 8 2002
Microsoft MSN Chat - ActiveX Control has ResDLL parameter buffer overflow that lets remote users execute arbitrary code
Microsoft Exchange Instant Messenger 4.5 and 4.6 - ActiveX Control has ResDLL parameter buffer overflow that lets remote users execute arbitrary code
Microsoft MS02-022 - unchecked buffer in MSN Chat control can lead to code execution
Usermin Remote Access Utility May Allow Cross-Site Scripting Attacks
Webmin User Management Tool May Allow Cross-Site Scripting Attacks
Internet Software Consortium DHCP Implementation Has Format String Hole That Lets Remote Users Gain Root Access
Cisco IOS Systems Contain Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device
Novell NetWare IPX Compatibility Port Allows Remote Users to Cause the System to Crash
Novell Border Manager Firewall Can Be Crashed By Remote Users Sending Specially Crafted Packets to the FTP Proxy, IP/IPX Gateway, or RTSP Proxy Ports
Linux Netfilter Firewall Has ICMP Address Translation Bug That Leaks Internal Address and Port Number Data to Remote Users
Novell NetWare Client Has Buffer Overflows in the Resolution of Long Host Names
SuSE-SA:2002:016 - ifup-dhcp script may let remote users execute arbitrary commands with root privileges under certain DHCP configurations
HP-UX Virtualvault iPlanet Web Server May Allow Remote Connections to the Administration Server
L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition
Intel BIOS Bug Lets Physically Local Users Boot From Alternate Boot Media Even When The Supervisor Password is Set
CERT CA-2002-12 - format string vulnerability in ISC DHCPD 3.0 to 3.0.1rc8 inclusive that allows remote users to execute arbitrary code
May 7 2002
MDaemon Mail Server WorldClient Buffer Overflow Lets Authenticated Remote Users Execute Arbitrary Code on the Server with SYSTEM Privileges
SGI IRIX 20020503-01-I - netstat may let local users detect the presence of files regardless of file permissions
Pointsec for Palm OS Discloses the User's PIN Code to Physically Local Users
Microsoft Office 'Word Mail Merge' Feature Allows Remote Users to Cause Arbitrary Programs to Be Executed on the Target User's Computer
HP-UX 'ndd' Network Tuning Utility Has Unspecified Problem That May Let Local Users Cause Denial of Service Conditions
Microsoft MSN Messenger Instant Messaging Client Malformed Header Processing Flaw Lets Remote Users Crash the Client
'pam_ldap' LDAP-based Authentication Module Format String Bug Lets Local Users Obtain Root Level Access
Logitech iTouch Keyboard and Keyboard Software Can Bypass Computer Locking Protections and Execute Certain iTouch-assigned Programs When Locked
b2 Weblog Software Uses Relative Include Path That Allows Remote Users to Execute Arbitrary Shell Commands on the System
SuSE-SA:2002:015 - An attacker could send a maliciously formatted image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine.
May 6 2002
'ASP Client Check' SQL Injection Hole Lets Remote Users Bypass Authentication and Gain Access to Restricted Pages
Squid_auth_ldap LDAP Authentication Module for the Squid Proxy Server Has Format String Bugs That Let Remote Users Execute Arbitrary Shell Commands on the System
Another AOL Instant Messenger (AIM) TLV Buffer Overflow Lets Remote Users Execute Arbitrary Code on Another User's AIM Client
Webglimpse Search Engine Filtering Flaw May Allow Remote Users to Conduct Cross-Site Scripting Attacks Against Users of Sites Running Webglimpse
CERT CA-2002-11 - heap overflow in cachefs daemon (cachefsd) in Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel Architectures) that allows remote users to execute arbitrary code as the cachefs daemon.
ISC DHCPDv3 - format string bug that can lead to a remote root compromise
May 2 2002
Nautilus GNOME Shell and File Manager Symlink Hole May Let Local Users Cause Other Users to Overwrite Files on the System
4D Web Server Buffer Overflow in Processing Basic HTTP Authentication Lets Remote Users Crash the Server and May Allow Arbitrary Code to Be Executed
Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
alterMIME Null Byte Overflow May Allow a Remote User to Cause the Application to Crash
SnapGear LITE+ Firewall - a malicious user can cause a Denial of Service situation, where part of or all of the Firewall would cease to function
(SGI Issues Fix) XFree Xlib Buffer Overflow May Let Local Users Exploit Linked Programs to Gain Elevated Privileges
Yahoo! Instant Messenger - multiple vulnerabilities related to buffer overflows and scripting flaws that can let remote users execute arbitrary code on another user's messenger client
May 1 2002
SGI IRIX 20020501-01-I - name service daemon (nsd) symlink bug may let local users obtain root privileges on the system
Caldera CSSA-2002-SCO.17 - OpenServer System Activity Reporter (sar) command line buffer overflow may let local users gain elevated privileges
Red Hat DocBook Document Conversion Tool May Allow Remote Users to Cause Arbitrary File Names to be Used for Storing a Converted HTML Document
HP FTPSRVR FTP Server for MPE/iX Operating System May Allow Remote Users to Gain Access to the System
SGI IRIX Performance Metrics Collector Daemon (pcmd) Can Be Made to Consume Available Memory on the Host By Remote Users
Microsoft Internet Explorer Can Be Crashed By Incorrectly Sized XBM Graphics Files
3Com's 3CDaemon FTP Server Buffer Overflow Lets Remote Users Crash the FTP Service
SGI IRIX Operating System 'ipfilterd' Configuration Error Lets Local Users Disrupt Network Traffic
Levcgi.com's myGuestbook Input Filtering Flaw Allows Remote Users to Conduct Cross-Site Scripting Attacks Against myGuestbook Users
CERT CA-2002-10 - format string vulnerability in Sun Solaris 2.5.1, 2.6, 7, and 8 rpc.rwalld that allows users to execute code with privileges of rwall daemon.