Network Security News – Tuesday, August 16, 2005 Events
qmail commands.c Signed Index Issue
A remote overflow exists in qmail when running on 64-bit platforms with 8GB of virtual memory or more. The 'commands()' function fails to perform proper bounds checking, resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the process to crash, resulting in a loss of availability. Read more at osvdb.org/16344
VegaDNS index.php message Variable XSS
VegaDNS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18657