Network Security News – Monday, June 13, 2005 Events
Mac OS X AFP Server Legacy Client Support Overflow
A remote overflow exists in Mac OS X. The AFP server fails to validate input that is processed by the code supporting legacy clients, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17268
os4e login.asp Password Field SQL Injection
os4e contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "Password" variable in the "login.asp" script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16912
Mac OS X CoreGraphics Window Server Privilege Escalation
Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local user exploits an unspecified flaw in CoreGraphics to run commands in a root session. This flaw may lead to a loss of integrity. Read more at osvdb.org/17266
Mac OS X CoreGraphics/PDFKit Malformed PDF DoS
Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a poorly or maliciously formed PDF document is passed to PDFKit or CoreGraphics for rendering, and as part of the cleanup process a check for a NULL pointer is omitted. This will result in loss of availability for the service. Read more at osvdb.org/17267
MWChat start_lobby.php Remote File Inclusion
MWChat contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start_lobby.php not properly sanitizing user input supplied to the CONFIG[MWCHAT_Libs] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/17087
Multiple Unix gethostbyaddr() /etc/hosts Unauthorized File System Mount
HP-UX and OSF contain a flaw that may allow a remote attacker to gain unauthorized privileges to exported NFS shares. The issue occurs when the system is configured so that the nsswitch.conf or svc.conf resolves DNS from /etc/hosts first. The gethostbyaddr() function has a flaw that causes the h_aliases field of the hostent struct to get data from the last line of the /etc/hosts file. If the last line of the hosts file is a machine to which you export file systems, it may allow a remote machine to mount the file system without authorization. Read more at osvdb.org/17262
AIX getlvname Command Line Argument Local Overflow
A local overflow exists in AIX. The 'getlvname' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long command line argument, a malicious user can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17253
AIX diagTasksWebSM Command Line Argument Local Overflow
A local overflow exists in AIX. The 'diagTasksWebSM' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long command line argument, a malicious user can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17252
AIX bos.rte.control pstart Command Line Argument Local Overflow
A local overflow exists in AIX. The 'pstart' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long command line argument, a malicious user can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17258
AIX bos.rte.control phold Command Line Argument Local Overflow
A local overflow exists in AIX. The 'phold' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long command line argument, a malicious user can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/17259
Vuln: LutelWall Multiple Insecure File Creation Vulnerabilities
LutelWall Multiple Insecure File Creation Vulnerabilities. Read more at securityfocus.com/bid/13863
Vuln: Gedit Filename Format String Vulnerability
Gedit Filename Format String Vulnerability. Read more at securityfocus.com/bid/13699
Vuln: GNU SHTool Insecure Temporary File Deletion Vulnerability
GNU SHTool Insecure Temporary File Deletion Vulnerability. Read more at securityfocus.com/bid/13767
Vuln: Ettercap Remote Format String Vulnerability
Ettercap Remote Format String Vulnerability. Read more at securityfocus.com/bid/13820
Re: Arbitrary code execution in eping plugin
Re: Arbitrary code execution in eping plugin. Read more at securityfocus.com/archive/1/402046
[ GLSA 200506-10 ] LutelWall: Insecure temporary file creation
[ GLSA 200506-10 ] LutelWall: Insecure temporary file creation. Read more at securityfocus.com/archive/1/402047
Multiple vulnerabilities in Pico Server (pServ) v3.3
Multiple vulnerabilities in Pico Server (pServ) v3.3. Read more at securityfocus.com/archive/1/402045
[ GLSA 200506-09 ] gedit: Format string vulnerability
[ GLSA 200506-09 ] gedit: Format string vulnerability. Read more at securityfocus.com/archive/1/402048