NAI Security Advisory - Multiple FTP server implementations contain buffer overflows that allow local and remote attackers to gain root privileges on affected servers. These vulnerabilities are contingent upon the remote user having the ability to create directories on the server hosting the FTP daemon, with the exception of a few cases noted below. The vulnerabilities presented are all related to the use of the glob() function, and can be divided into the following two categories - glob() expansion vulnerabilities and glob() implementation vulnerabilities. Vulnerable FTP servers include OpenBSD, NetBSD, FreeBSD, Irix, HPUX 11, and Solaris 8.
779b9a6bfb8d165fb8719eea4d80f593Network Associates Security Advisory COVERT-2001-01 - BIND v8.2.2 to 8.2.3-T9B contains buffer overflows that allows a remote attacker to execute arbitrary code. The overflow is in the initial processing of a DNS request and therefore does not require an attacker to control an authoritative DNS server. This vulnerability not dependent upon configuration options and affects both recursive and non-recursive servers. Additional remote format string and buffer overflows affect v8.2 through 8.2.3-T9B and v4.9.3 to v4.9.7. ISC's description of the problems available here.
300621728056a0b531ba421eeafa6e35Network Associates COVERT Labs Security Advisory - The Microsoft Windows implementation of NetBIOS allows an unsolicited UDP datagram to remotely deny access to services offered by registered NetBIOS names. An attacker can remotely shut down all Domain Logins, the ability to access SMB shares, and NetBIOS name resolution services. Vulnerable systems include all versions of Microsoft Windows 95, 98, NT and 2000.
a78582c296f1b1c6a467efce197c7b7eNetwork Associates COVERT Labs Security Advisory - The indexing utility webfind.exe distributed with O'Reilly WebSite Professional contains an unchecked buffer allowing for the remote execution of arbitrary code on vulnerable hosts.
55b50ec5a8bef2c7e60b160dbdaa9070Network Associates COVERT Labs Security Advisory - The L-Soft LISTSERV web archive (wa,wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon. Vulnerable systems include L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.
58af72d4575b8af155ed349ceb0f7589Network Associates Security Advisory - Remote Vulnerability in the MMDF SMTP Daemon. A bug in MMDF allows anyone to obtain mail management privileges via the SMTP daemon, and then root. All versions of MMDF prior to 2.43 are vulnerable, including the version included with SCO Openserver.
ff594df66e7715fbbc276f372244ab93Network Associates Security Advisory - A vulnerability in the ARCserve agent script allows local attackers to obtain root privileges and overwrite/insert data into arbitrary files.
0833b7e71ac6118a0de58807cd0a19efNetwork Associates, Inc. Security Advisory - Windows NT LSA Remote Denial of Service. An implementation flaw in the Local Security Authority subsystem of Windows NT, known as the LSA, allows both local or remote attackers to halt the processing of security information requiring the host to be restarted. This new vulnerability affects all Windows NT 4.0 hosts including those with Service packs up to and including SP6a. ms99-057 addresses this vulnerability. NAI homepage here.
fe06b986ca5e0c54881b494c71b0c294Vulnerability in OpenBSD 2.3 chpass(1)
97d613b29b9ffb78d30d11ad21f1d528Tooltalk advisory.
1e6215ffb353b1dea0f9da59c61aad06Windows NT SNMP Vulnerabilities
9451acff386c796ef1fa91ecfffa4655NFR web server advisory.
0d7bf26c83867e6c242fe3cbe1d25ba1Linux TCP advisory.
f48dee380aaa92550682d914e205c049Windows IP Source Routing Vulnerability
3f729497abee472d2680394c65511905Vulnerability in Unchecked DNS Data.
d86bb5d1b9614d1f9121b43ad883eb18Vulnerability in Vixie Cron
02f467a8a5f19aec72c7b90159366723Vulnerabilities in Default Cron Jobs
7dc62cc377a1887af88ae0b9789bd651Vulnerabilities in the Apache httpd
ccc8a62fbbe02c44e2e56f4f7d0de7ecWINNT DNS advisory.
54e2c2ea153014ebc6425d3bda18b531TCP Spoofing advisory.
6b78957074d1eaf9a604d73598943851X11 overflow advisory..
80044af577bc2e6a522e0422b9602600IMAP overflow advisory.
95bd60ed2a0a572d12ace4fe2a4e5e71FreeBSD lpd Security Vulnerability
fd1fa099a6540971077a38d012508b31BSD Filehandle vulnerability.
155c7ecab7ac43e7e33c806401aaf2a9PHP overflow advisory.
76a19b6964c434dfcd6879d897781fa4
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed