Monthly Archive: November 2003

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2)...

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. Date published : 2003-11-12 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778 http://sourceforge.net/forum/forum.php?forum_id=308015

Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network....

Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable. Date published : 2003-11-12 http://www.debian.org/security/2003/dsa-398

Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code. Date published : 2003-11-12 http://marc.info/?l=bugtraq&m=106858898708752&w=2 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783

Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector. Date published : 2003-11-06 http://www.securityfocus.com/bid/8951 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780

Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. Date published : 2003-11-06 http://www.securityfocus.com/bid/8951 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. Date published : 2003-11-06 http://www.securityfocus.com/bid/8951 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780

Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access." Date published : 2003-11-06 http://www.securityfocus.com/bid/8979 http://docs.info.apple.com/article.html?artnum=120269

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. Date published : 2003-11-06 http://www.securityfocus.com/bid/8970 http://marc.info/?l=bugtraq&m=106796246511667&w=2

Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME. Date published : 2003-11-06 http://www.securityfocus.com/bid/8973...

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP...

Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as...

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing...