Network Security News – Saturday, May 07, 2005 Events
Ethereal RSVP Dissector Malformed Packet DoS
Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered when handling Resource Reservation Protocol (RSVP) packets. By sending a malformed RSVP packet, a remote attacker could cause the application to enter an infinite loop resulting in a loss of availability.. Read more at osvdb.org/15856
Cocktail Process List Administrator Password Disclosure
Cocktail contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when cocktail passes the password in clear text while executing functions, which may lead to a loss of confidentiality.. Read more at osvdb.org/16046
tcpdump LDP ldp_print() Function Malformed Packet DoS
tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered due to the ldp_print() function when handling Label Distribution Protocol (LDP) packets. By sending a malformed LDP packet, a remote attacker could cause the application to enter an infinite loop resulting in a loss of availability.. Read more at osvdb.org/15864
tcpdump BGP RT_ROUTING_INFO Malformed Packet DoS
tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered when handling Border Gateway Protocol (BGP) packets. By sending a malformed BGP packet, a remote attacker could cause the application to enter an infinite loop resulting in a loss of availability.. Read more at osvdb.org/15863
tcpdump ISIS isis_print() Function Malformed Packet DoS
tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered due to the isis_print() function when handling Intermediate-System to Intermediate-System (ISIS) packets. By sending a malformed ISIS packet, a remote attacker could cause the application to enter an infinite loop resulting in a loss of availability.. Read more at osvdb.org/15862
LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow
A local overflow exists in LibTIFF. The TIFFFetchStripThing() function fails to validate the nstrips variable resulting in a buffer overflow. With a specially crafted file, a malicious user can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/12556
LibTIFF Directory Entry Count Remote Overflow
A local overflow exists in LibTIFF. The tdir_count variable is not validated before being passed to CheckMalloc() resulting in a heap overflow. With a specially crafted request, a malicious user can cause arbitary code execution resulting in a loss of integrity.. Read more at osvdb.org/12555
Leave a Reply