Monthly Archive: April 2003

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a...

The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack. Date published : 2003-04-29...

Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. Date published : 2003-04-29 http://www.securityfocus.com/bid/7180 http://marc.info/?l=bugtraq&m=105155734411836&w=2

Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. Date published : 2003-04-29 http://www.securityfocus.com/bid/7179...

Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. Date published : 2003-04-29 http://www.securityfocus.com/bid/7202 http://marc.info/?l=bugtraq&m=105094204204166&w=2

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a...

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. Date published :...

stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. Date published : 2003-04-26 http://www.securityfocus.com/bid/6592 http://marc.info/?l=bugtraq&m=104247606910598

Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. Date published : 2003-04-26 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777 http://marc.info/?l=thttpd&m=103609565110472&w=2

Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. Date published : 2003-04-26 http://www.kb.cert.org/vuls/id/443257 http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.

SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields. Date published : 2003-04-26 http://marc.info/?l=bugtraq&m=105120052725940&w=2 http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812

run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2003-04-26 http://www.debian.org/security/2003/dsa-292

ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a...

handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly...