Monthly Archive: April 2003

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. Date published...

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. Date published : 2003-04-02...

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the...

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to...

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. Date published : 2003-04-02 http://www.securityfocus.com/bid/4964 http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute...

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. Date...

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application...

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a...

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. Date published : 2003-04-02 http://www.securityfocus.com/bid/4880 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service...

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. Date published : 2003-04-02 http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/4724 http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions,...