CVE-2002-1476
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string...
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module....
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify...
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH...
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. Date published : 2004-09-01 http://archives.neohapsis.com/archives/aix/2002-q3/0007.html http://www.securityfocus.com/bid/5885
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections....
An undocumented SNMP read/write community string (‘NoGaH$@!’) in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. Date published : 2004-09-01 http://www.securityfocus.com/bid/5396 http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. Date published : 2004-09-01 http://www.securityfocus.com/bid/5056 http://online.securityfocus.com/archive/1/277653
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which...
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user’s input into the toolbar via an "onkeydown" event handler. Date published : 2004-09-01 http://www.securityfocus.com/bid/5426 http://online.securityfocus.com/archive/1/286527
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. Date published : 2004-09-01 http://www.securityfocus.com/bid/5521 http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences....
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. Date published : 2004-09-01 http://www.securityfocus.com/bid/5520 http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the ‘allow_url_fopen’ setting is enabled via a URL in the config_atkroot parameter that points to the code....