Monthly Archive: May 2005

fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body,...

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target...

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes...

Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://www.securityfocus.com/bid/13480

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://www.securityfocus.com/bid/13480

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://remahl.se/david/vuln/004/

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://www.us-cert.gov/cas/techalerts/TA05-136A.html

Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner." Date published : 2005-05-04...

Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files. Date published : 2005-05-04 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html

Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via...