May 2002 Advisories & Exploits


May 31 2002

Mnews E-mail and News Reader - buffer overflows exist that may allow local users to gain elevated privileges and remote users to gain access to the system

Shambala Server Discloses Clear Text Passwords to Authenticated Remote Users Via FTP and Also Lets Remote Users Crash the Web Server

Sun Ray Server With Non-Smartcard Mobility Feature May Allow Remote Users with XDMCP Clients to Log In to an Arbitrary User's Sun Ray Server Account

Advanced Maryland Automatic Network Disk Archiver (AMANDA) Buffer Overflows May Let Remote Users and Certain Local Users Gain Root Access

phpBB Image Tag Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks Against phpBB Users


May 30 2002

IBM Informix SE Database Buffer Overflow in Processing the 'INFORMIXDIR' Environment Variable May Allow Local Users to Obtain Root Privileges

Caldera CSSA-2002-SCO.23 - Open UNIX 8.0.0 and UnixWare 7.1.1 ftpd allows data connection hijacking via PASV mode.

csPassword Script May Disclose Passwords to Local or Remote Users

Quantum 'Snap Server' Network Attached Storage Device Can Be Crashed By Remote Users

FileZilla FTP Server Discloses Files Outside of the Root FTP Directory to Remote Users

Tcpdump Sniffer Has Buffer Overflow in the Processing of NFS Packets That Allows Remote Users to Crash the Sniffer

Firestorm Network Intrusion Detection System (NIDS) Can Be Crashed By Remote Users Sending Malformed IP Options

ECS K7S5A Mainboard Lack of Access Control on Boot Menu Lets Physically Local Users Make Unauthorized Changes to the Boot Process

HP Software Distributor 'swinstall' Hole Lets Local Users View Files That They Are Not Privileged to View


May 29 2002

Kismet Wireless Network Sniffing Software May Let Local Users Gain Root Access or Remote Users Execute Arbitrary Code on the System

Microsoft MS02-025 - Exchange 2000 flaw in processing a malformed SMTP command allows remote users to deny service to the server

FreeBSD-SA-02:27 - /etc/rc startup script unsafely deletes temporary files when booting, allowing local users to cause arbitrary directory contents to be deleted

FreeBSD-SA-02:26 - accept_filtering() function allows remote users to cause denial of service conditions

Jakarta Tomcat Java Server Default Installation Sample Pages Disclose Information to Remote Users

Gafware CFXImage Cold Fusion Tag Software Has Module ('showtemp.cfm') That Discloses Files on the System to Remote Users

Novell NetWare Enterprise Web Server Default Files Disclose Server Information to Remote Users

Macromedia JRun Server - ISAPI DLL buffer overflow lets remote users execute arbitrary code and could lead to taking full control of the system

'Autorun' Utility for Xandros Desktop Linux Beta Discloses a Portion of Any File to Local Users

Image Display System (IDS) CGI Script Discloses Information About Existing Directories to Remote Users

CERT CA-2002-14 - a remote buffer overflow in Macromedia JRun 3.0 or 3.1 on Windows NT4 or Windows 2000 running IIS versions 4 or 5.

Conectiva CLA-2002:490 - multiple vulnerabilities in Mozilla


May 28 2002

Cisco VPN Linux Client - a local root vulnerability exists in the Cisco VPN client for Linux which allows a user to connect to a Cisco VPN device.

FreeBSD-SN-02:03 - multiple ports packages contain vulnerabilities, including amanda, fetchmail, gaim, gnokii, horde, imap-uw, imp, linux-netscape6, mnogosearch, mpg321, ssh2, tinyproxy, and webmin

Meteor FTP Server Command Processing Bug Lets Remote Authenticated Users Crash the Server

DataWizard FtpQX Server Buffer Overflow Lets Remote Authenticated Users Crash the Service

OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticate to the System

WoltLab Burning Board Forum Lets Remote Users Hijack Newly Assigned User Accounts

3Com OfficeConnect DSL Router Address Translation Hole Lets Remote Users Gain Unauthorized Access to Ports on Hosts Behind the Router

Opera Web Browser Allows Malicious Servers to Silently Retrieve Files from the Victim's System

NetScreen Firewall Can Be Made to Reboot By Remote Users That Send Long Usernames to the Device's Login Screen

CERT CS-2002-02 - quarterly summary of attack trends including those against MS SQL Server, MSN Chat, Cachefs Daemon, MS IIS, Oracle, and more.


May 27 2002

Virtual Programming's VP-ASP Shopping Cart Default Configuration May Disclose Internal Database (Including Credit Card Data) to Remote Users

BlueFace's Falcon Web Server v2.0 - lets remote users access password-protected files


May 26 2002

Redhat RHSA-2002:084-17 - nss_ldap packages fix pam_ldap vulnerability


May 25 2002

Mailman E-mail Discussion List Software Allows Remote Users to Conduct Cross-Site Scripting Attacks

Concurrent Versions System (CVS) Off-by-one Buffer Overflow May Let Local Users Execute Arbitrary Code to Gain Elevated Privileges

PGP Public Key Server Buffer Overflow Lets Remote Users Crash the Service

IRSSI IRC Client for UNIX May Contain a Backdoor in a Certain Version of the Source Code Distribution

TightVNC Virtual Network Computing Software May Disclose Passwords to Local Users and May Allow Remote Users to Crash the Server

Sendmail <= v8.12.3 - the file locking functions contain a local denial of service.


May 24 2002

Microsoft Excel Spreadsheet XML Stylesheet ActiveX Object Flaw Lets Remote Users Create Malicious Excel Spreadsheets That May Execute Arbitrary Code When Opened With the XML Stylesheet Option

Cisco Intrusion Detection System (IDS) Device Manager Bug in Web Access Feature Lets Remote Users View Files on the Sensors

Microsoft Active Directory May Have Bug That Allows Remote Users to Crash the Directory

Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail

Debian 'netstd' Utility Package Has Several Components With Buffer Overflows That Allow Remote Users to Execute Arbitrary Code on the System

LocalWEB2000 Web Server Discloses Password-Protected Files to Remote Users

Pharao Web Portal Software Has Multiple Flaws That Allow Remote Users to Access the System as Any User and to Read Files on the Server

Conectiva CLA-2002:489 - mailman contains cross site scripting vulnerability


May 23 2002

Cisco Security Advisory - Cisco Broadband Operating System (CBOS) for Cisco 600 Series DSL Routers has three vulnerabilities that let remote users crash the routers

Cisco Security Advisory - ATA-186 password disclosure vulnerability

User-Mode Linux (UML) Environment System Call Breakpoint Bug Lets Local Users Execute System Calls on the Host (Outside of the UML Environment)

Microsoft Data Engine (MSDE) Default Configuration Leaves Blank Password for System Administrator Account

Opty-Way Enterprise Glassworks Management Application Installs Microsoft Data Engine Insecurely, Allowing Remote Users to Execute Commands on the System

Compaq Integrated Administrator for Compaq ProLiant Server Blade Enclosure May Allow Authenticated Remote Users to Gain Full Access to the Enclosure Operating System

Sun Solaris - in.talkd is vulnerable to a remote root format string bug which may allow an attacker to gain control


May 22 2002

Microsoft MS02-024 - Windows Debugging Facility for Windows NT4 and 2000 has authentication hole that lets local users execute arbitrary code with SYSTEM Privileges

Cisco Security Advisory - Cisco IP Phones allow remote users to cause the phone to crash and restart and allow physically local users to modify the telephone's configuration

MatuSoft's MatuFtpServer Buffer Overflow Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code on the Server

New Atlanta Communications ServletExec/ISAPI Java Server Can Be Crashed By Remote Users and Discloses the Directory Path and Files in the Web Root Directory to Remote Users

YoungZSoft CMail Server Buffer Overflow Allows Remote Users to Execute Arbitrary Code to Gain Shell Access on the System

IBM DB2 Database Buffer Overflow in 'db2ckpw' Lets Local Users Gain Root Access on the System

Sun Solaris - in.rarpd reverse ARP protocol daemon may let local and remote users gain root access on the system

Deerfield WebSite Pro Windows-based Web Server May Disclose CGI Source Code to Remote Users in Certain Cases

Redhat RHSA-2002:092-11 - The UW imap daemon contains a buffer overflow which allows a logged in, remote user to execute commands on the server with the user's UID/GID.

SuSE-SA:2002:019 - A remotely exploitable format string vulnerability was found in the logging routines of the dynamic DNS code of dhcpd. This vulnerability allows an attacker, usually within the LAN served by the DHCP server, to get remote root access to the host running dhcpd.

Gobbles talk.d - a format string vulnerability exists in most talkd implementations, including older linux netkits and KDE 1-3.


May 21 2002

Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash

Fetchmail Client Buffer Overflow May Allow a Remote Mail Server to Execute Arbitrary Code on the Client System

Cisco IOS Can Be Crashed By Remote Users Sending ICMP Redirect Messages

SSH May Allow Authorized Remote Users to Bypass Server Authentication Configuration Settings and Login Using Passwords When the Server is Configured to Prohibit the Use of Passwords

Talkd Format String Hole Lets Remote Users Execute Arbitrary Code on the System

mcNews Forum Software Has Several Bugs That Disclose Files to Remote Users and Allow Remote Users to Conduct Cross-Site Scripting Attacks Against mcNews Users

Red Hat Stronghold - the sample script swish discloses installation path to remote users

Xitami Web Server Flaw in Processing Errors May Allow Remote Users to View CGI Source Code

Winamp Media Player May Disclose Certain User Passwords to Local Users

BannerWheel CGI-based Banner Display Management Software Buffer Overflows May Let Remote Users Execute Arbitrary Code Via the Management Interface

Sun AnswerBook2 'gettransbitmap' Buffer Overflow Lets Remote Users Execute Arbitrary Code

Ipswitch's IMail Server Buffer Overflow in LDAP Service Lets Remote Users Execute Arbitrary Code with SYSTEM Level Privileges

Mandrake MDKSA-2002:033 - a vulnerability exists that allows a remote attacker to log in to Webmin as any user.


May 20 2002

'bzip2' File Compression Utility May Allow Local Users to Be Able to Read the Contents of Privileged Files

FreeBSD SA-02:24 - K5su kerberos-based su utility fails to limit access to only 'wheel' group users

ViewCVS Web-based CVS Interface Allows Cross-Site Scripting Attacks Against ViewCVS Users


May 18 2002

Xerox DocuTech Publishing System Has Insecure Default Configuration for the System Controllers, Letting Remote Users Take Full Control of the System

Multiple CGI Scripts From CGIScript.net Disclose the Installation Path to Remote Users


May 17 2002

Phorum Bulletin Board Software Has PHP Include Bug in 'plugin.php' That Lets Remote Users Execute Arbitrary PHP Code and Shell Commands on the Server

Quake II Game Server May Disclose Sensitive Information, Including Passwords, to Remote Users

Swatch Log File Monitor Has Bug in the Throttling Code That May Cause Some Events to Be Missed

SonicWALL SOHO Firewall Device Log File Filtering Hole Lets Remote Users on the Local Network Inject Scripting into Log Files for Denial of Service or Potential Cross-Site Scripting Attacks

Hosting Controller Software for Web Hosting Companies Has Input Validation Errors in 'dsnmanager.asp' and 'imp_rootdir.asp' Scripts That Allow Remote Users to View Files on the System and Upload and Copy Files With Administrator Privileges

XMB Group Magic Lantern Forum Software Discloses Log Files and Server Installation Path Information to Remote Users

'sliplogin' Serial Line IP Utility Buffer Overflow May Possibly Allow Local Users to Gain Elevated Privileges

Parallel URL Fetcher ('puf') Format String Error May Let Remote Users Cause Arbitrary Commands to Be Executed

'mpg321' Audio Player Buffer Overflow May Let Remote Users Cause the Player to Execute Arbitrary Code


May 16 2002

SuSE Linux 'shadow' Password Management Utility May Let Local Users Obtain Elevated Group Privileges

Sharutils Package Uudecode Component Fails to Check for Symlinks When Decoding to a Temporary File, Allowing Local Users to Potentially Gain Elevated Privileges


May 15 2002

Microsoft MS02-023 - 6 different fixes for Internet Explorer (IE) including new content-disposition bugs may let remote users execute arbitrary code on the victim's computer. Zone spoofing hole lets remote users create HTML that when loaded may run in a less-secure IE security zone.

WolfMail Perl-based CGI E-mailer Lets Remote Users Send Mail (SPAM) Using Arbitrary 'From' Addresses

Cisco ACNS Content Software - (Cache Engines and Content Engines) may let remote users open unauthorized connections to arbitrary ports and addresses

Cisco Security Advisory - Cisco Content Service Switch (CSS) 11000 can be reset by remote users by improper handling of HTTP POST requests

Opera Browser Frame Location Bug Lets Remote Users Cause Arbitrary Javascript to Be Executed in the Incorrect Security Domain to Access Cookies and Other Sensitive Information

Sun Microsystems SunATM 'atmsnmpd' Daemon Allows Remote Users to Crash the Daemon

Microsoft Internet Explorer Bugs in 'BGSOUND' and 'IFRAME' Tags Let Remote Users Create HTML That Will Cause Denial of Service Conditions or Will Access Special DOS Devices

SuSE-SA:2002:018 - lukemftp ftp client buffer overflow in processing server-supplied PASV commands may allow remote ftp servers to cause arbitrary code to be executed on the ftp client


May 14 2002

NetPad Text Editing CGI Script Input Validation Flaws Let Remote Users View Files and Execute Shell Commands

NOCC PHP-based Webmail Client Software Displays Message Text as HTML Without Filtering, Allowing a Remote User to Access the Victim's Mailbox Using a Cross-Site Scripting Attack


May 13 2002

nCipher MSCAPI CSP Install Wizard Bug May Result in Generated Keys That Are Not Protected By Smart Cards Even if the User Requests This Protection

NetWin DNews News Server Has Unspecified 'Security Fault' That May Allow Remote Users to Access the Management Interface

Gaim Instant Messaging Client Lets Local Users Access the Hotmail Accounts of Other Active Gaim Users


May 11 2002

mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server

Cisco ATA 186 Analog Telephone Adaptor Discloses Device Password to Remote Users and May Also Let Remote Users Modify the Configuration Without Having the Password

AOL Instant Messenger (AIM) Bug in 'aim:AddBuddy' Link Processing May Let Remote Users Cause the AIM Client to Crash

Perl-Digest-MD5 Utility May Result in Incorrect MD5 Checksums When Processing UTF-8 Encoded Characters


May 10 2002

BEA Systems WebLogic Server and Express May Disclose an Administrative Password to Local Users

BEA Systems WebLogic Server Default Management Servlet Discloses the Contents of Files in Certain Subdirectories to Remote Users

4D Webserver v6.7.3 - An attacker can overflow the username or password field in a basic authentication resulting in EIP overwrite and possible arbitrary code execution.

Critical Path inJoin Directory Server 'iCon' Management Interface Allows Cross-Site Scripting Attacks Against Administrators

Critical Path inJoin Directory Server 'iCon' Web Administration Interface Discloses Files on the System to Authenticated Remote Users

uw-imap - University of Washington IMAP Toolkit (uw-imap) has buffer overflow that may let remote users execute arbitrary code with user-level privileges on the system

CERT CA-2002-13 - buffer overflow in Microsoft's MSN Chat ActiveX Control that may permit a remote attacker to execute arbitrary code with permissions of the user.

Novell Border Manager 3.6 SP 1a - three vulnerabilities that can cause a denial of service.

Novell Netware Client v4.83 - The Windows client can allow an attacker to crash any software that relies on name resolution.

Redhat RHSA-2002:081-06 - perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums.


May 9 2002

Yahoo! Messenger Client Discloses Buddy List Contents to Local Users

Cisco BTS 10200 Softswitch Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device or Execute Arbitrary Code

Cisco IP Manager Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device or Execute Arbitrary Code

Cisco Media Gateway Controller (MGC) Product Line Underlying Operating System Contains Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device

OpenBSD - any local user can fill the kernel file descriptors table, leading to a denial of service, and possibly obtain root access.

Novell NetWare 6.0 SP1 - FTP Server errors in handling unexpected input let remote users cause the server to consume all available CPU resources

Usermin Session ID Spoofing Hole May Allow Remote Users to Gain Root Access to the System

Webmin Session ID Spoofing Hole May Allow Remote Users to Gain Root Access to the System

Network Associates PGP 'Wipe Deleted Files' Option Fails to Wipe Clear Text Temporary Files Used by the Windows 2000 Encrypted File System Feature

SGI 'fsr_xfs' XFS Filesystem Reorganizer May Let Local Users Obtain Root Access

Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks

Mandrake MDKSA-2002:030 - iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets

Redhat RHSA-2002:086-05 - Netfilter ("iptables") can leak information about how port forwarding is done in unfiltered ICMP packets.


May 8 2002

Microsoft MSN Messenger 4.5 and 4.6 - ActiveX Control has ResDLL parameter buffer overflow that lets remote users execute arbitrary code

Microsoft MSN Chat - ActiveX Control has ResDLL parameter buffer overflow that lets remote users execute arbitrary code

Microsoft Exchange Instant Messenger 4.5 and 4.6 - ActiveX Control has ResDLL parameter buffer overflow that lets remote users execute arbitrary code

Microsoft MS02-022 - unchecked buffer in MSN Chat control can lead to code execution

Usermin Remote Access Utility May Allow Cross-Site Scripting Attacks

Webmin User Management Tool May Allow Cross-Site Scripting Attacks

Internet Software Consortium DHCP Implementation Has Format String Hole That Lets Remote Users Gain Root Access

Cisco IOS Systems Contain Network Time Daemon (NTP) Buffer Overflow That May Allow a Remote User to Crash the Device

Novell NetWare IPX Compatibility Port Allows Remote Users to Cause the System to Crash

Novell Border Manager Firewall Can Be Crashed By Remote Users Sending Specially Crafted Packets to the FTP Proxy, IP/IPX Gateway, or RTSP Proxy Ports

Linux Netfilter Firewall Has ICMP Address Translation Bug That Leaks Internal Address and Port Number Data to Remote Users

Novell NetWare Client Has Buffer Overflows in the Resolution of Long Host Names

SuSE-SA:2002:016 - ifup-dhcp script may let remote users execute arbitrary commands with root privileges under certain DHCP configurations

HP-UX Virtualvault iPlanet Web Server May Allow Remote Connections to the Administration Server

L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition

Intel BIOS Bug Lets Physically Local Users Boot From Alternate Boot Media Even When The Supervisor Password is Set

CERT CA-2002-12 - format string vulnerability in ISC DHCPD 3.0 to 3.0.1rc8 inclusive that allows remote users to execute arbitrary code


May 7 2002

MDaemon Mail Server WorldClient Buffer Overflow Lets Authenticated Remote Users Execute Arbitrary Code on the Server with SYSTEM Privileges

SGI IRIX 20020503-01-I - netstat may let local users detect the presence of files regardless of file permissions

Pointsec for Palm OS Discloses the User's PIN Code to Physically Local Users

Microsoft Office 'Word Mail Merge' Feature Allows Remote Users to Cause Arbitrary Programs to Be Executed on the Target User's Computer

HP-UX 'ndd' Network Tuning Utility Has Unspecified Problem That May Let Local Users Cause Denial of Service Conditions

Microsoft MSN Messenger Instant Messaging Client Malformed Header Processing Flaw Lets Remote Users Crash the Client

'pam_ldap' LDAP-based Authentication Module Format String Bug Lets Local Users Obtain Root Level Access

Logitech iTouch Keyboard and Keyboard Software Can Bypass Computer Locking Protections and Execute Certain iTouch-assigned Programs When Locked

b2 Weblog Software Uses Relative Include Path That Allows Remote Users to Execute Arbitrary Shell Commands on the System

SuSE-SA:2002:015 - An attacker could send a maliciously formatted image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine.


May 6 2002

'ASP Client Check' SQL Injection Hole Lets Remote Users Bypass Authentication and Gain Access to Restricted Pages

Squid_auth_ldap LDAP Authentication Module for the Squid Proxy Server Has Format String Bugs That Let Remote Users Execute Arbitrary Shell Commands on the System

Another AOL Instant Messenger (AIM) TLV Buffer Overflow Lets Remote Users Execute Arbitrary Code on Another User's AIM Client

Webglimpse Search Engine Filtering Flaw May Allow Remote Users to Conduct Cross-Site Scripting Attacks Against Users of Sites Running Webglimpse

CERT CA-2002-11 - heap overflow in cachefs daemon (cachefsd) in Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel Architectures) that allows remote users to execute arbitrary code as the cachefs daemon.

ISC DHCPDv3 - format string bug that can lead to a remote root compromise


May 3 2002

Macromedia Flash Activex OCX v6.23 - remote buffer overflow that allows malicious HTML to execute arbitrary code on the victim's computer


May 2 2002

Nautilus GNOME Shell and File Manager Symlink Hole May Let Local Users Cause Other Users to Overwrite Files on the System

4D Web Server Buffer Overflow in Processing Basic HTTP Authentication Lets Remote Users Crash the Server and May Allow Arbitrary Code to Be Executed

Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System

alterMIME Null Byte Overflow May Allow a Remote User to Cause the Application to Crash

SnapGear LITE+ Firewall - a malicious user can cause a Denial of Service situation, where part of or all of the Firewall would cease to function

(SGI Issues Fix) XFree Xlib Buffer Overflow May Let Local Users Exploit Linked Programs to Gain Elevated Privileges

Yahoo! Instant Messenger - multiple vulnerabilities related to buffer overflows and scripting flaws that can let remote users execute arbitrary code on another user's messenger client


May 1 2002

SGI IRIX 20020501-01-I - name service daemon (nsd) symlink bug may let local users obtain root privileges on the system

Caldera CSSA-2002-SCO.17 - OpenServer System Activity Reporter (sar) command line buffer overflow may let local users gain elevated privileges

Red Hat DocBook Document Conversion Tool May Allow Remote Users to Cause Arbitrary File Names to be Used for Storing a Converted HTML Document

HP FTPSRVR FTP Server for MPE/iX Operating System May Allow Remote Users to Gain Access to the System

SGI IRIX Performance Metrics Collector Daemon (pcmd) Can Be Made to Consume Available Memory on the Host By Remote Users

Microsoft Internet Explorer Can Be Crashed By Incorrectly Sized XBM Graphics Files

3Com's 3CDaemon FTP Server Buffer Overflow Lets Remote Users Crash the FTP Service

SGI IRIX Operating System 'ipfilterd' Configuration Error Lets Local Users Disrupt Network Traffic

Levcgi.com's myGuestbook Input Filtering Flaw Allows Remote Users to Conduct Cross-Site Scripting Attacks Against myGuestbook Users

CERT CA-2002-10 - format string vulnerability in Sun Solaris 2.5.1, 2.6, 7, and 8 rpc.rwalld that allows users to execute code with privileges of rwall daemon.


Copyright © 1998 - 2004 RHP Studios
Last Updated on July 24, 2004 @ 11:45 hrs EST