Monthly Archive: October 2003

NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. Date...

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular...

IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. Date published :...

nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. Date published : 2003-10-25 http://marc.info/?l=bugtraq&m=99953038722104&w=2 http://lists.insecure.org/lists/bugtraq/2002/Sep/0128.html

Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs. Date published : 2003-10-25 http://marc.info/?l=bugtraq&m=100368233714229&w=2 http://www.kb.cert.org/vuls/id/147587

gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file. Date published : 2003-10-25 http://www.securityfocus.com/bid/5840...

"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications. Date published : 2003-10-25 http://marc.info/?l=bugtraq&m=106692772510010&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/13558

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a...

Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. Date published...

Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file. Date published : 2003-10-25 http://marc.info/?l=bugtraq&m=106123103606336&w=2 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000723

Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3)...

Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files. Date published : 2003-10-25 http://www.securityfocus.com/bid/8864 ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as...

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely...