Network Security News – Saturday, July 16, 2005 Events
Microsoft Windows Color Management Module ICC Profile Format Tag Remote Overflow
A remote overflow exists in Microsoft Windows. The Microsoft Color Management Module fails to validate International Color Consortium (ICC) profile format tags before passing the data to a buffer, resulting in a buffer overflow. With a specially crafted malicious image file, an attacker can execute arbitrary code with the privileges of the victim, resulting in a loss of integrity. Read more at osvdb.org/17830
CzarNews news.php Remote File Inclusion
CzarNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to news.php not properly sanitizing user input supplied to the 'tpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/14926
CzarNews headlines.php Remote File Inclusion
CzarNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to headlines.php not properly sanitizing user input supplied to the 'tpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/14925
Whois.Cart profile.php page Variable Arbitrary Script Insertion (Myth/Fake)
Whois.Cart has been reported to contain a flaw that would allow a remote attacker to inject arbitrary script code in the 'page' parameter of the profile.php script. Subsequent testing and evaluation, along with vendor-provided source code, indicates that input appears to be properly sanitized before being passed to the profile.php script. Read more at osvdb.org/17459
SunOS buglib.so sync Account Local Privilege Escalation
SunOS contains a flaw that may allow a local unprivileged user to gain root privileges. The issue is due to the 'sync' account containing no password, allowing anyone to access it without authentication. Further, by supplying a custom sync library when logging into the account, the system will execute arbitrary commands under the 'sync' privileged ID, usually with root-equivalent privileges. Read more at osvdb.org/17840
SunOS Unpassworded sync Account Multiple Issues
SunOS contains a flaw related to the default unpassworded 'sync' account that may allow local and remote users to carry out unintended activities. First, local users may use the account to obscure their entry in the 'who' output. This may make it difficult for administrators to track user activity or notice suspicious behavior. Second, if the 'root' account is set to use / as a home directory, the 'sync' account (which defaults to / for its home directory) may execute startup files before running the /bin/sync command as intended. This may allow an unprivileged local/remote attacker to execute programs unexpectedly, and potentially gain access to the system through other means such as breaking out of interactive processes. Third, a remote user may be able to use the account to see the local 'motd' (message of the day) file, which could disclose sensitive system information. Read more at osvdb.org/17839
Microsoft Windows Network Connections Service netman.dll Remote DoS
Windows contains a flaw that may allow a remote denial of service. The issue is due to an error in a function within netman.dll that, when given a large integer, will result in loss of availability for the Network Connections service. Read more at osvdb.org/17885