Network Security News – Wednesday, October 12, 2005 Events
Mac OS X Application Memory Debugging MallocLogFile Variable Insecure File Creation
Mac OS X contains a flaw that may allow a malicious local user to create and/or manipulate arbitrary files on the system. The issue is due to malloc reading the MallocLogFile environment variable when running suid executables, modifying any file on the system. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/19706
xine/gxine xine-lib CDDB Response Format String
xine-lib contains a flaw that may allow remote execution of arbitrary code. The issue is triggered when a xine-lib based media application, such as xine or gxine, retrieves improper metadata from a malicious CDDB server while playing an audio CD. The metadata is placed in memory on the stack and eventually passed to a fprintf() function as a format string. This allows the malicious user to alter the control flow and to execute malicious code with the permissions of the user running the application.. Read more at osvdb.org/19892
Mac OS X Mail.app Kerberos 5 SMTP Authentication Arbitrary Memory Disclosure
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Kerberos 5 authentication is used in Mail.app, which may append uninitialized memory to a message resulting in a loss of confidentiality.. Read more at osvdb.org/19705
Webroot Desktop Firewall PWIWrapper.dll FirewallNTService.exe Overflow
A local overflow exists in Webroot Desktop Firewall. The 'PWIWrapper.dll' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.. Read more at osvdb.org/19868
Webroot Desktop Firewall DeviceIoControl() Local DoS
Webroot Desktop Firewall contains a flaw that may allow a local denial of service. The issue is triggered when sending specific 'DeviceIoControl()' commands to the firewall driver, which may allow a malicious user to disable the firewall resulting in a loss of availability.. Read more at osvdb.org/19869
Sony PSP Photo Viewer TIFF File Overflow
A remote overflow exists in PSP (PlayStation Portable). The TIFF library of the Photo Viewer application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted TIFF file, a remote attacker can cause the device to crash resulting in a loss of availability.. Read more at osvdb.org/19665
HAURI Anti-Virus ALZ Archive Filename Overflow
A remote overflow exists in multiple HAURI anti-virus products. The issue is due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive resulting in a stack-based buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity. This requires that compressed file scanning is enabled.. Read more at osvdb.org/19878
ALZip ALZ Archive Handling Overflow
A remote overflow exists in ALZib. The application fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted ALZ archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19889
ALZip ARJ/ZIP/UUE/XXE Archive Handling Overflow
A remote overflow exists in ALZib. The application fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted ARJ, ZIP, UUE or XXE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19890
Leave a Reply