Monthly Archive: November 2003

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file...

Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe. Date published : 2003-11-18 http://marc.info/?l=bugtraq&m=106876107330752&w=2 http://marc.info/?l=bugtraq&m=106875764826251&w=2

Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable. Date published : 2003-11-18 http://www.debian.org/security/2003/dsa-400

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. Date published :...

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. Date published : 2003-11-18 http://www.debian.org/security/2004/dsa-415...

iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface. Date published : 2003-11-18 http://www.debian.org/security/2004/dsa-492 http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html

Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a...

Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. Date published : 2003-11-18...

Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. Date published : 2003-11-18 http://www.securityfocus.com/bid/9010...

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary...

Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file...

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of...

Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. Date published : 2003-11-18 http://marc.info/?l=bugtraq&m=106874146204158&w=2

PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. Date published :...