Monthly Archive: April 2005

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Date published : 2005-04-14 http://www.cs.jhu.edu/~seny/pubs/wince802.pdf

Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. Date...

LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst. Date published : 2005-04-14...

Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated...

Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers...

Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). Date published : 2005-04-14 http://www.isskk.co.jp/support/XPressUpdates/RS/RS65ECSR15RNj.html

The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. Date published : 2005-04-14 http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html http://www.auscert.org.au/render.html?it=3704

Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges. Date published : 2005-04-14 http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. Date published : 2005-04-14 https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. Date published...

psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. Date published : 2005-04-14 http://www.securityfocus.com/bid/9038 http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html

psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments. Date published : 2005-04-14 http://www.auscert.org.au/render.html?it=3610 http://www.securityfocus.com/bid/9037

Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. Date published : 2005-04-14 http://www.auscert.org.au/render.html?it=3165 http://www.securityfocus.com/bid/7894

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. Date published : 2005-04-14 http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.securityfocus.com/bid/11573