Novell eDirectory MS-DOS Device Name Request DoS

Network Security News – Thursday, June 16, 2005 Events

Novell eDirectory MS-DOS Device Name Request DoS

eDirectory contains a flaw that may allow a remote denial of service. The issue is due to a NULL pointer dereference error when handling HTTP requests for reserved MS-DOS device names which will result in loss of availability for the NDS service.. Read more at osvdb.org/17298

GNU shtool Symlink Arbitrary File Creation/Overwrite

shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/16848

SunOS lpd Arbitrary File Overwrite/Delete

SunOS lpd contains a flaw that may allow a malicious local user to overwrite or delete arbitrary files on the system. The issue is due to the program not checking user input and creating files insecurely. It is possible for a user to use lpd to manipulate arbitrary files, resulting in a loss of availability.. Read more at osvdb.org/17277

Mac OS X Dashboard Directory Permission Race Condition Privilege Escalation

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the system cache folder and Dashboard system widgets creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files and possibly gain administrative privileges, resulting in a loss of integrity.. Read more at osvdb.org/17272