Network Security News – Tuesday, June 14, 2005 Events
HP Radia Notify Daemon RADEXECD Process nvd_exec Function Remote Overflows
Multiple remote overflows exist in Radia Notify Daemon. The nvd_exec function in the RADEXECD process fails to validate the parameters for two remote command execution requests resulting in stack overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/16987
CA BrightStor ARCserve Backup Universal Agent Remote Overflow
A remote overflow exists in ARCServe Backup. The Universal Agent fails to validate packets which are received on the TCP port, with the "option"
field set to 0, 3 or 1000, and a large string preceding this "option"
field in the packet, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/15471
Sumus HTTP RespondeHTTPPendiente Function Remote Overflow
A remote overflow exists in Sumus. The RespondeHTTPPendiente function fails to validate user-supplied input before passing it into a while loop resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/15625
Ovidentia FX index.php babInstallPath Variable Remote File Inclusion
Ovidentia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the babInstallPath variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/17247
Mac OS X AFP Server POSIX Permissions Override DoS
Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a file with POSIX-only permissions is copied to an ACL-enabled volume on an AFP server. A temporary ACL is assigned during the copy process which may not be removed after the copy has completed and will result in loss of availability of the file to the owner.. Read more at osvdb.org/17269
Mac OS X launchd launchd_server_init() Race Condition
Mac OS X contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the launchd creating temporary files insecurely wihtin the launchd_server_init() function. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/17265
Mac OS X NFS -network / -mask Access Restriction Failure
Mac OS X contains a flaw that causes NFS filesystems to be exported in spite of configured restrictions. The issue is triggered when the -network and -mask options are used to restrict access, but the filesystem is actually exported to everyone resulting in a loss of confidentiality.. Read more at osvdb.org/17263
Mac OS X MCX Client Portable Home Directory Credential Disclosure
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the MCX client logs Portable Home Directory user credentials to a file on the local system, which will disclose account information resulting in a loss of confidentiality.. Read more at osvdb.org/17271
Mac OS X Unsafe Mime Type Database Check Bypass
Mac OS X contains a flaw that may allow a malicious application to bypass security checks and execute. The issue is triggered when a file type or MIME entry is added to the unsafe file types database without a corresponding UTI (Uniform Type Identifier), which will cause a query on the specified file type to fail to return as unsafe. It is possible that the flaw may allow malicious code to execute resulting in a loss of integrity.. Read more at osvdb.org/17270
Leave a Reply