Network Security News – Tuesday, November 22, 2005 Events
Driverse ptrace Trusted Process Attachment
Driverse contains a flaw that may allow an untrusted process to attach to trusted processes. The issue is triggered when an untrusted process is executed under a specific UID, and attaches itself via ptrace to trusted processes running under the same UID, resulting in a loss of integrity.. Read more at osvdb.org/20982
Winmail Server /admin/main.php sid Variable Traversal Arbitrary File Overwrite
Winmail Mail Server contains a flaw that allows a remote attacker to overwrite files outside of the web path. The issue is due to the main.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "sid" variable.. Read more at osvdb.org/20925
Leave a Reply