Network Security News – Saturday, December 03, 2005 Events
BSD ftpd Site EXEC Race Condition
BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker uses the SITE EXEC command to execute an arbitrary binary in /bin that is capable of giving access to an executable outside of /bin. This flaw may lead to a loss of integrity. Read more at osvdb.org/8720
BSD chfn Unspecified Local Overflow
BSD contains a flaw related to the chfn program that may allow an attacker to cause a local overflow. No further details have been provided. Read more at osvdb.org/3651
BSD lpr Print Arbitrary Privileged File
Operating systems that had their kernel reorganized to accommodate the network file system (NFS) and are based on 4.3 BSD, specifically SunOS and Pyramid, contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user causes lpr to print out an arbitrary privileged file, resulting in a loss of confidentiality. Read more at osvdb.org/1411
BSD passwd Multiple Field Local Overflow
A local overflow exists in BSD. The passwd program fails to check bounds on a long shell or GECOS field, causing a buffer overflow. With a specially crafted request, an attacker can change the flow of execution to gain root privileges, which will result in a loss of integrity. Read more at osvdb.org/5849
FastJar jar Archive Extraction Traversal Arbitrary File Write
FastJar contains a flaw that allows a remote attacker to write arbitrary files when the victim extracts a malicious .jar archive. The issue is due to the program not properly checking for traversal style attacks (../../) in the names of files in the .jar archive. Read more at osvdb.org/21337
NetClassifieds ViewCat.php CatID Variable SQL Injection
NetClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ViewCat.php script not properly sanitizing user-supplied input to the 'CatID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21378
BSD ptrace() Malformed PID Local DoS
BSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls the ptrace function with a negative process ID number, and will result in loss of availability for the platform. Read more at osvdb.org/655
NetClassifieds gallery.php CatID Variable SQL Injection
NetClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gallery.php script not properly sanitizing user-supplied input to the 'CatID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21379
BSD on VAX passwd Lockfile File Size Limit Local DoS
BSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user limits file sizes to 1k before using passwd. The passwd program will copy the first 1k of data from /etc/passwd into the lock file /etc/ptmp. Once 1k of data is copied, passwd will die and the lock file will remain, resulting in a loss of availability for changing passwords. Read more at osvdb.org/634
NetClassifieds ViewItem.php ItemNum Variable SQL Injection
NetClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ViewItem.php script not properly sanitizing user-supplied input to the 'ItemNum' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21380
Vuln: Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability. Read more at securityfocus.com/bid/15629
Vuln: SAPID CMS Authentication Bypass Vulnerability
SAPID CMS Authentication Bypass Vulnerability. Read more at securityfocus.com/bid/15689
Vuln: Real Networks RealPlayer Unspecified Remote Code Execution Vulnerability
Real Networks RealPlayer Unspecified Remote Code Execution Vulnerability. Read more at securityfocus.com/bid/15691
Vuln: Zen Cart Password_Forgotten.PHP SQL Injection Vulnerability
Zen Cart Password_Forgotten.PHP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15690
Re: – Cisco IOS HTTP Server code injection/execution vulnerability
Re: – Cisco IOS HTTP Server code injection/execution vulnerability. Read more at securityfocus.com/archive/1/418471
22nd CCC conference in Berlin
22nd CCC conference in Berlin. Read more at securityfocus.com/archive/1/418442
SEC Consult SA-XXXXXXXXXXX
SEC Consult SA-XXXXXXXXXXX. Read more at securityfocus.com/archive/1/418440
SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs
SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs. Read more at securityfocus.com/archive/1/418438