Network Security News – Friday, October 07, 2005 Events
Microsoft Windows SeDebugPrivilege NtSystemDebugControl Function Privilege Escalation
Microsoft Windows contains a flaw that may allow a malicious local user to gain elevated privileges. The issue is triggered due to flaws in the NtSystemDebugControl kernel debugging function. It is possible that the flaw may allow execution of arbitrary code on the system with kernel mode privileges resulting in a loss of integrity.. Read more at osvdb.org/19857
FreeBSD /dev/iir Permission Weakness Privilege Escalation
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when default permissions allow a malicious user to open a /dev/iir device node and execute ioctl calls. By sending commands to iir(4) driver hardware via ioctl calls, a local user can destroy or possibly disclose data. This flaw may lead to a loss of confidentiality, integrity and/or availability.. Read more at osvdb.org/16090
FreeBSD i386_get_ldt() Function Arbitrary Kernel Memory Disclosure
FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user supplies negative or excessive values as an argument to the i386_get_ldt() system call, which will disclose arbitrary portions of kernel memory resulting in a loss of confidentiality.. Read more at osvdb.org/16092
UW-imapd Netmailbox Name mail_valid_net_parse_work() Function Overflow
A remote overflow exists in UW-imapd. The mail_valid_net_parse_work() function in 'src/c-client/mail.c' fails to properly validate the user-supplied mailbox name resulting in a stack overflow. With a specially crafted request, a remote authenticated attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19856
Mac OS X securityd Unspecified Local Privilege Escalation
Mac OS X contains an unspecified flaw in Authorization Services that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19711
Mac OS X SecurityAgent "Switch User…" Arbitrary Account Authentication Bypass
Mac OS X contains a flaw that may allow a malicious user to gain unauthorized access to a locked desktop. The issue is triggered when the "Switch User…" button appears in the screensaver Unlock Dialog, even with Fast User Switching disabled. It is possible that the flaw may allow the currently logged-in user's desktop to be displayed without a password resulting in a loss of confidentiality and/or integrity.. Read more at osvdb.org/19710
Mac OS X Mail.app auto-reply Rule Encrypted Message Cleartext Disclosure
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Mail.app processes an auto-reply rule for an encrypted message, which will include the decrypted contents of the original mail in the reply resulting in a loss of confidentiality.. Read more at osvdb.org/19704
Mac OS X ImageIO GIF Processing Overflow
An unspecified local overflow exists in Mac OS X. The ImageIO library fails to validate GIF image files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19703
WoltLab Burning Board modcp.php Multiple Variable SQL Injection
WoltLab Burning Board contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'modcp.php' script not properly sanitizing user-supplied input to the 'x' and 'y' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19035
PHPTB index.php mid Variable SQL Injection
PHPTB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'mid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/18736
Vuln: Computer Associates Multiple Product HTTP Request Remote Unspecified Buffer Overflow Vulnerability
Computer Associates Multiple Product HTTP Request Remote Unspecified Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15025
Leave a Reply