Network Security News – Wednesday, July 27, 2005 Events
Clam AntiVirus CHM File Processing Filename Overflow
A remote overflow exists in Clam AntiVirus. Clam AntiVirus fails to perform an adequate boundary check in libclamav/chmunpack.c, resulting in a heap overflow. With a specially crafted request, an attacker can gain privileges equal to those of the Clam AntiVirus process, possibly allowing for a remote system compromise. Read more at osvdb.org/18258
Clam AntiVirus TNEF File Processing Multiple Overflows
A remote overflow exists in Clam AntiVirus. Clam AntiVirus fails to perform an adequate boundary check in libclamav/tnef.c, resulting in a heap overflow. With a specially crafted request, an attacker can gain privileges equal to those of the Clam AntiVirus process, possibly allowing for a remote system compromise. Read more at osvdb.org/18257
GoodTech SMTP Server RCPT TO Command Remote Overflow
A remote overflow exists in GoodTech SMTP Server. The RCPT TO command fails to validate user-supplied arguments, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/18250
SSH Secure Shell for Workstations URL Catcher Feature Remote Overflow
A remote overflow exists in SSH Secure Shell for Workstations. The URL Catcher feature fails to check the length of clicked URLs in terminal windows, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/18239
Microsoft Windows Task Scheduler Remote Overflow
A remote overflow exists in Microsoft Windows. The Task Scheduler application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted *.job file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/7798
Oracle Database Nondescript SQL Injection
Oracle Database contains a flaw that may allow a remote attacker to carry out an SQL injection attack. No further details have been provided. Read more at osvdb.org/15439
Oracle DIRECTORY Objects Information Disclosure
Oracle Database contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by 'DIRECTORY' objects, which contain the location of a specific operating system directory and may allow a remote attacker with read privileges to disclose sensitive information, resulting in a loss of confidentiality. Read more at osvdb.org/15440