Network Security News – Saturday, August 13, 2005 Events
qmailadmin autorespond Multiple Variable Remote Overflow
A remote overflow exists in the 'autorespond' utility included in the qmailadmin package. autorespond fails to perform boundary checks when copying environment variables set by the Mail Transfer Agent (MTA). With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity and availability. Read more at osvdb.org/2440
qmail substdio_put Function Signedness Issue
A remote overflow exists in qmail when running on 64-bit platforms with 4GB of virtual memory or more. The 'substdio_put()' function fails to perform proper bounds checking, resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the qmail process to crash, resulting in a loss of availability. Read more at osvdb.org/16345
tDiary HTTP GET Cross-Site Request Forgery
tDiary contains a flaw that allows a Cross-Site Request Forgery (CSRF). This flaw exists because the application does not verify that requests to privileged URLs come from appropriate tDiary web pages. This could allow a user to create a malicious URL (within or outside the tDiary application) which, if followed by an authenticated tDiary user, causes privileged actions to happen on behalf of the tDiary user or web server. This flaw can be used to delete tDiary entries, change tDiary configurations, and execute privileged commands on behalf of the web server. Read more at osvdb.org/18604
Gaim Non-utf8 Invalid Filename Remote DoS
Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker attempts to send a file with non-UTF-8 characters in its name, and will result in loss of availability for the program. Read more at osvdb.org/18668