Monthly Archive: August 2003

Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of...

The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700....

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. Date published : 2003-08-22 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. Date published...

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. Date published : 2003-08-22 http://marc.info/?l=bugtraq&m=106194792924122&w=2 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a...

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache...

Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. Date published : 2003-08-22 http://www.securityfocus.com/bid/8454 http://www.cert.org/advisories/CA-2003-22.html

Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail. Date published : 2003-08-21 http://www.debian.org/security/2003/dsa-373

Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port...

Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than...

The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact. Date published : 2003-08-18 ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P

Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption). Date published : 2003-08-18 http://www.osvdb.org/8587 ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P

SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently. Date published : 2003-08-18 ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P