Network Security

Network Security News Monitor - Tuesday, June 06, 2006 Events

 

Cisco VPN Client Dialer Local Privilege Escalation

Cisco VPN Client for Windows contains an unspecified flaw related to the VPN Dialer that may allow a user to gain access to unauthorized privileges via privilege escalation. No further details have been provided.

phpListPro editsite.php returnpath Variable Remote File Inclusion

PhpListPro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to editsite.php not properly sanitizing user input supplied to the returnpath variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.

IRIX lpstat -n Option Local Overflow

A local overflow exists in IRIX. The lpstat program fails to check bounds, resulting in a buffer overflow. With a specially crafted request at the command line, an attacker may execute arbitrary code, resulting in a loss of integrity.

Mac OS X Xcode Tools WebObjects Plugin Project Manipulation

Mac OS X contains a flaw that may allow a malicious user to remotely access objects within a WebObjects project through the WebObjects plugin. The issue is triggered when the included version of Xcode Tools is used, which runs as a network service and allows outside network access. It is possible that the flaw may allow remote access to WebObjects projects, resulting in a loss of integrity.

IRIX mv Arbitrary File/Directory Modification

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the mv command is used to move a directory and creates the directory with world-writable permissions. This flaw may lead to a loss of integrity.

IRIX inetd IPv6 Port Scan DoS

IRIX contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker port scans a system that uses inetd over IPv6, resulting in loss of availability for any services that are started by inetd.

IRISconsole icadmin Account Authentication Bypass

IRISconsole contains a flaw that may allow login to the "icadmin" account with the wrong password. It is possible that the flaw may allow an attacker to gain administrative privileges over the IRISconsole environment, resulting in a loss of integrity.

IRIX rpc.espd Remote Overflow

A remote overflow exists in IRIX. The Embedded Support Partner (ESP) subsystem daemon (rpc.espd) fails to check bounds, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands on the system with root privileges, resulting in a loss of integrity.

Ottoman index.php default_path Variable Remote File Inclusion

Ottoman contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'default_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.

Ottoman js.php default_path Variable Remote File Inclusion

Ottoman contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to js.php not properly sanitizing user input supplied to the 'default_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.