Network Security News Monitor - Monday, March 20, 2006 Events

Novell NetWare NWFTPD MDTM Command Path Name Overflow DoS

A remote overflow exists in NWFTPD. The product fails to perform correct boundary checks on the target file of an MDTM command resulting in a buffer overflow. With a specially crafted file path, an attacker can cause denial of service resulting in a loss of availability for the platform.. Read more.

ENet Library enet_host_service header.commandLength Parameter Overflow DoS

ENet Library contains a flaw that may allow a remote denial of service. The issue is triggered when a packet with a large command length value is sent to the enet_host_service which leads to an invalid memory access resulting in loss of availability for the service.. Read more.

GGZ Gaming Zone Crafted XML DoS

GGZ Gaming Zone contains a flaw that may allow a remote denial of service. The issue is triggered when joining the server with a nickname that contains the single quote character at the end, with a nickname that is longer than 16 characters, or via an overly long text message, and will result in loss of availability for the service.. Read more.

Mercur Messaging IMAP Service Multiple Command Remote Overflow

A remote overflow exists in MERCUR Messaging Server IMAP service. The product fails to perform boundary checks on login and select commands resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

ENet Library enet_host_service Fragmented Packet Data Allocation DoS

ENet Library contains a flaw that may allow a remote denial of service. The issue is triggered when the enet_host_service tries to reassemble fragmented packets with an overly large total data size value, and will result in loss of availability for the service.. Read more.

CGI::Session Session File Permission Weakness Local Information Disclosure

CGI::Session contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Driver::File creates a session file without setting permissions. With a standard umask setting, the session file will be world readable, resulting in a loss of confidentiality.. Read more.

CGI::Session Multiple Module /tmp Symlink Arbitrary File Overwrite

CGI::Session contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the Driver::File, Driver::db_file and Driver::sqlite modules creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more.

CGI::Session Driver::db_file cgisess.db Remote Disclosure

CGI::Session contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Driver::db_file writes to the cgisess.db file with insecure permissions, which will disclose session information resulting in a loss of confidentiality.. Read more.