Novell NetWare NWFTPD MDTM Command Path Name Overflow DoS

Network Security News – Monday, March 20, 2006 Events

Novell NetWare NWFTPD MDTM Command Path Name Overflow DoS

A remote overflow exists in NWFTPD. The product fails to perform correct boundary checks on the target file of an MDTM command resulting in a buffer overflow. With a specially crafted file path, an attacker can cause denial of service resulting in a loss of availability for the platform.. Read more at osvdb.org/23949

ENet Library enet_host_service header.commandLength Parameter Overflow DoS

ENet Library contains a flaw that may allow a remote denial of service. The issue is triggered when a packet with a large command length value is sent to the enet_host_service which leads to an invalid memory access resulting in loss of availability for the service.. Read more at osvdb.org/23844

GGZ Gaming Zone Crafted XML DoS

GGZ Gaming Zone contains a flaw that may allow a remote denial of service. The issue is triggered when joining the server with a nickname that contains the single quote character at the end, with a nickname that is longer than 16 characters, or via an overly long text message, and will result in loss of availability for the service.. Read more at osvdb.org/23848

Mercur Messaging IMAP Service Multiple Command Remote Overflow

A remote overflow exists in MERCUR Messaging Server IMAP service. The product fails to perform boundary checks on login and select commands resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23950

ENet Library enet_host_service Fragmented Packet Data Allocation DoS

ENet Library contains a flaw that may allow a remote denial of service. The issue is triggered when the enet_host_service tries to reassemble fragmented packets with an overly large total data size value, and will result in loss of availability for the service.. Read more at osvdb.org/23845

CGI::Session Session File Permission Weakness Local Information Disclosure

CGI::Session contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Driver::File creates a session file without setting permissions. With a standard umask setting, the session file will be world readable, resulting in a loss of confidentiality.. Read more at osvdb.org/23866

CGI::Session Multiple Module /tmp Symlink Arbitrary File Overwrite

CGI::Session contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the Driver::File, Driver::db_file and Driver::sqlite modules creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/23865

CGI::Session Driver::db_file cgisess.db Remote Disclosure

CGI::Session contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Driver::db_file writes to the cgisess.db file with insecure permissions, which will disclose session information resulting in a loss of confidentiality.. Read more at osvdb.org/23867