Monthly Archive: September 2008

Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related...

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which...

Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the...

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated...

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of...

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a...

Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. Date published : 2008-09-04 http://www.securityfocus.com/archive/1/496487/100/0/threaded http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm

Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. Date published :...

Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. Date published : 2008-09-04 http://www.securityfocus.com/archive/1/496487/100/0/threaded http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2008-09-04 http://www.securityfocus.com/bid/30878 http://bugs.debian.org/496418

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Date published : 2008-09-04 http://www.securityfocus.com/bid/30877 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496359

gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. Date published : 2008-09-04 http://www.securityfocus.com/bid/30875 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369

test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. Date published : 2008-09-04 http://www.securityfocus.com/bid/30874 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365

genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. Date published : 2008-09-04 http://www.securityfocus.com/bid/30876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415