Monthly Archive: April 2005

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. Date published...

Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. Date published :...

Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. Date published : 2005-04-21 http://www.securityfocus.com/archive/1/173050 http://www.kb.cert.org/vuls/id/229955

Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. Date published : 2005-04-21 http://www.securityfocus.com/bid/3290 http://www.cert.org/advisories/CA-2001-25.html

Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. Date published : 2005-04-21 http://www.securityfocus.com/bid/6060 http://www.kb.cert.org/vuls/id/837419

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. Date published : 2005-04-21 http://www.securityfocus.com/archive/1/161917 http://www.kb.cert.org/vuls/id/367320

Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. Date published : 2005-04-21 http://www.securityfocus.com/archive/1/161917 http://www.kb.cert.org/vuls/id/123384

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. Date...

Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption)...

Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". Date published : 2005-04-21 http://cert.uni-stuttgart.de/archive/vuln-dev/2001/05/msg00029.html http://www.kb.cert.org/vuls/id/199408

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. Date published : 2005-04-21...

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3)...

NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run...

Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. Date published :...