Network Security News Monitor - Thursday, June 01, 2006 Events

NetPanzer Surface.hpp setFrame() Remote DoS

NetPanzer contains a flaw that may allow a remote denial of service. The issue is triggered when a client uses a flag (called also frameNum) greater than 41, and will result in loss of availability for the service.. Read more.

Mac OS X Mail MacMIME Attachment Integer Overflow

A remote overflow exists in Mac OS X. Mail fails to validate MacMIME encapsulated attachments resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

Mac OS X passwd Temp File Symlink Arbitrary File Manipulation

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the passwd program creating temporary files insecurely, using the form /tmp/.pwtmp.<pid> where <pid> is the process id
of the passwd process. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more.

Mac OS X Preview Directory Hierarchy Overflow

A local overflow exists in Mac OS X. Preview fails to validate deep directory hierarchies resulting in a stack buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

Mac OS X Safari LaunchServices Long Extension Safe File Open Bypass

Mac OS X contains a flaw that may allow a malicious user to cause Safari to automatically open unsafe content. The issue is triggered when long file name extensions are used to prevent Download Validation from correctly determining the file type. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more.

Mac OS X Keychain Lock Bypass

Mac OS X contains a flaw that may allow a malicious application to access Keychain items without first requesting that the Keychain be unlocked. The issue is triggered when the application has obtained a reference to a Keychain item prior to the keychain being locked, which may allow the application to continue to use the item. It is possible that the flaw may allow unauthorized access to login information resulting in a loss of confidentiality.. Read more.

Mac OS X FTP Server Path Name Overflow

A remote overflow exists in Mac OS X. The FTP server fails to handle several unspecified boundary conditions resulting in a buffer overflow. With a specially crafted request, an authenticated user can cause arbitrary code execution with the privileges of the FTP server resulting in a loss of integrity.. Read more.

Mac OS X Firmware Unspecified Password Bypass

Mac OS X contains an unspecified flaw related to the firmware authentication on Intel-based machines that may allow an attacker to bypass the fireware password. No further details have been provided.. Read more.

Mac OS X CoreFoundation Untrusted Bundle Arbitrary Code Execution

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when CoreFoundation registers an untrusted bundle without user interaction. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more.

Mac OS X CFNetwork Integer Overflow

A remote overflow exists in Mac OS X. The CFNetwork component used by Safari and other applications fails to validate chunked transfer encoding resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

Vuln: Chipmunk Guestbook Index.PHP SQL Injection Vulnerability

Chipmunk Guestbook Index.PHP SQL Injection Vulnerability. Read more.

Vuln: WeOnlyDo SFTP ActiveX Control Remote Arbitrary File Access Vulnerability

WeOnlyDo SFTP ActiveX Control Remote Arbitrary File Access Vulnerability. Read more.