CERT Advisory CA-2003-14 - A buffer overflow vulnerability exists in a shared HTML conversion library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
8c5b5e631a493151fcc60504744b1dc0CERT Advisory CA-2003-13 - Two remote vulnerabilities in the Snort IDS, versions 1.8 through 2.0 RC allow remote execution of code as root. It is not necessary for the attacker to know the IP address of the Snort device they wish to attack; merely sending malicious traffic where it can be observed by an affected Snort sensor is sufficient to exploit these vulnerabilities. Fix available here.
30fa60b771ff2e6ee35376d17f2619f4CERT Advisory CA-2003-12 - A remote stack overflow in Sendmail 8.12.8 and below was discovered by Michal Zalewski which allows remote code execution as root. This bug is in the prescan code and is different than the recent sendmail bug described in CA-2003-07. Patch available here.
5f9042c50705af2bf508c8b6bf27dc38CERT Advisory CA-2003-11 - Multiple vulnerabilities have been reported to affect Lotus Notes clients and Domino servers v5.0.12 through 6.0.1 including six exploitable buffer overflows. TCP port 1352 is a likely conduit for attack, however Lotus Notes often listens to Netbios, SPX, or XPC ports.
faf6d46160e65b496113291bafcb82eeCERT Advisory CA-2003-10 - A buffer overflow vulnerability in SunRPC-derived XDR libraries causes several applications which use the rpcbind service to allow execution of arbitrary code or disclosure of sensitive information. In addition, intruders may be able to crash the MIT KRB5 kadmind or cause it to leak sensitive information, such as secret keys. Vulnerable code includes GNU Glibc 2.3.1 and below, Solaris 2.6, 7, 8 and 9, AIX 4.3.3 through 5.2.0, and MIT Kerberos vulnerabilities.
a1dc824b3db44b8751af7ba3c83beb73CERT Advisory CA-2003-09 - A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. An overflow in ntdll.dll of WebDAV allows remote users to execute code in the local system context. See also ms03-007.
ffa2899810162a68e9c91d8cae8f7803CERT Advisory CA-2003-08 - There is increased activity targeting Windows shares over ports 137, 138, 139, and 445.
c6a335f230856f5bc465110717f36e8dCERT Advisory CA-2003-07 - Sendmail prior to 8.12.8 has a remote root vulnerability which can be exploited by a malicious mail message, allowing non-vulnerable MTA's to relay the exploit message to unpatched MTA's on an internal network. A successful attack against an unpatched sendmail system will not leave any messages in the logs. All Sendmail Pro, Sendmail Switch, and Sendmail for NT are also vulnerable. Fix available here.
137522a297a47bd898379d3ef460199cCERT Advisory CA-2003-06 - Numerous vulnerabilities have been reported in multiple vendor implementations of the Session Initiation Protocol, or SIP, which may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.
967409fbce6d95e1ba77b3f2800714d8CERT Advisory CA-2003-05 - Systems running Oracle8 Database v 8.0.6, 8.1.7, Oracle9i Database (Release 1 and 2), and Oracle9i Application Server (Release 9.0.2 and 9.0.3) contain multiple remote vulnerabilities which can lead to the execution of arbitrary code, allow users to modify database records, or cause a denial of service, breaking the database.
22a4447df0df965497ab612a64c1a15aCERT Advisory CA-2003-04 - A quickly spreading Microsoft SQL worm exploits two vulnerabilities in Microsoft SQL Server 2000 over udp port 1434.
9a3232db2280856d044de3dc8eaac1afCERT Advisory CA-2003-03 - Windows NT, 2000, and XP contains a buffer overflow in the Windows Locator service that allows remote attackers to execute arbitrary code via the netbios ports. More information available ms03-001.
e25389d4f4430a44f678578aad102a83CERT Advisory CA-2003-02 - Systems running CVS Home project versions of CVS prior to 1.11.5 allow non-authenticated remote attackers with read only access to execute arbitrary code. Vendor status information available here.
96bcee114c70021a72d131f47f8011d4CERT Advisory CA-2003-01 - There are multiple stack-based buffer overflows in ISC DHCP that are exploitable by sending a DHCP message containing a large hostname value allowing remote attackers to execute code with the privileges of the user running dhcpd.
d17c624c49bad511e5dac22b8cce69a6CERT Advisory CA-2002-37 - A buffer overflow vulnerability in the Microsoft Windows Shell allows remote attackers to execute arbitrary code via malicious email message, malicious web page, or browsing through a folder containing a malicious .MP3 or .WMA file. More information available here.
e94145ac24db820aa7d84da855aa5755CERT Advisory CA-2002-36 - Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. OpenSSH is not vulnerable. More information available here.
393e90df79d2e0d58203125c9bb58ff0CERT Advisory CA-2002-35 - Cobalt Raq4 systems with the Security Hardening Package installed allow remote attackers to execute code as root because overflow.cgi does not adequately filter input destined for the email variable.
026cbf3d80a30a687e152121d00ddeb6CERT Quarterly Summary CS-2002-04 - Popular vulnerabilities being exploited by attackers these days include an Apache/mod_ssl worm, OpenSSL bugs, Trojan horse sendmail, libpcap, and tcpdump, multiple BIND bugs, and a heap overflow in Microsoft MDAC.
b577896ae5b0e164f58fb07ec0cc609eCERT Advisory CA-2002-34 - The Solaris X Window Font Service (XFS) daemon (fs.auto) on Solaris 2.5.1 - 9 contains a remotely exploitable user nobody buffer overflow on Sparc and X86. More information available here.
e6268b7f2e6e9e048615738ffeb05c49CERT Advisory CA-2002-33 - Heap Overflow Vulnerability in Microsoft Data. A routine in the RDS component, specifically the RDS Data Stub function, contains an unchecked buffer. The RDS Data Stub function's purpose is to parse incoming HTTP requests and generate RDS commands. This unchecked buffer could be exploited to cause a heap overflow.
b5c22892f43bdc3b7483e26eba6523ceCERT Advisory CA-2002-32 - Backdoor in Alcatel OmniSwitch 7700 and 7800 AOS version 5.1.1. A telnet server listens on TCP port number 6778, a backdoor that was originally used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release.
bb91a5a0f11171433192ade8fc82b9ccCERT Advisory CA-2002-31 - BIND 8 has vulnerabilities that may allow remote attackers to execute arbitrary code with the privileges of the user running named which is usually root, or with the privileges of vulnerable client applications. The other vulnerabilities will allow remote attackers to disrupt the normal operation of DNS name service running on victim servers.
7911dbfee02e3e41e0f329b0d8fdff46CERT Advisory CA-2002-30 - Released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a trojan horse which, upon compile time, remote grabs a file from a fixed IP address which it then compiles and runs. The binary then goes to a fixed IP address and gets a one character response which enables the remote machine to trigger the spawning of a shell to the remote machine. The backdoor also explicitly ignores all traffic on port 1963.
e54c4be958885a0de93635a5937a757fCERT Advisory CA-2002-29 - Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges.
5bc3502dfd425743f5896240e081ff72CERT Advisory CA-2002-28 - Sendmail 8.12.6 was backdoored on September 28, 2002 to include a trojan which executes commands via outbound port 6667 connections.
f6a94b46de29c16173327843a102489e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed