Network Security News – Saturday, October 22, 2005 Events
RSA Authentication Agent for Web IISWebAgentIF.dll Redirect Overflow
A remote overflow exists in RSA Authentication Agent for Web for IIS. IISWebAgentIF.dll fails to validate the length of the "url" parameter in the "Redirect" method, resulting in a stack-based buffer overflow. With a specially crafted GET request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/20151
Kerio Personal/Server Firewall Driver Memory Locking Local DoS
The Kerio Firewall driver contains a flaw that may allow a local denial of service. The issue is triggered when Kerio is reading the PEB (Process Environment Block) of applications that are trying to connect to the internet. If the application has the PEB region locked, the Kerio Firewall driver will crash resulting in a loss of availability for the program.. Read more at osvdb.org/19961
Virtools Web Player Filename Processing Overflow
A remote overflow exists in Virtools Web Player. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted file containing an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19815
UnixWare ppptalk Local Overflow
A local overflow exists in UnixWare. The 'ppptalk' binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution with root privileges resulting in a loss of integrity.. Read more at osvdb.org/20155
Sophos Anti-Virus Visio File Processing Overflow
A remote overflow exists in Sophos Anti-Virus. The Anti-virus engine fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted Visio file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/18464
Quick n Easy FTP Server USER Command Remote Overflow DoS
A remote overflow exists in Quick 'n Easy FTP Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long string to the 'USER' command, a remote attacker can cause the application to crash resulting in a loss of availability.. Read more at osvdb.org/18664
CA iGateway Debug Mode HTTP GET Request Overflow
A remote overflow exists in Computer Associates iGateway. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.. Read more at osvdb.org/19920
Oracle iSQL*Plus TNS Listener Unauthorized Shutdown DoS
Oracle Database 9i Release 2 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker provides malformed input to the 'isqlplus' script, which will result in a minor loss of availability for the TNS Listener service.. Read more at osvdb.org/20056
Leave a Reply