Network Security News – Friday, March 17, 2006 Events
Gemini createissue.aspx rtcDescription$RadEditor1 Variable XSS
Gemini contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'rtcDescription$RadEditor1' variable upon submission to the createissue.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23907
Linux Kernel Multiple Function String Length Modification Race Condition Local Information Disclosure
The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition occurs that allows an attacker to modify an argument of a copy operation after is has been validated, but before it is used. This may present a window of opportunity for an attacker to gain access to sensitive information stored in memory.. Read more at osvdb.org/23894
CrossFire request.c SetUp() Function Remote Overflow
A remote overflow exists in CrossFire. CrossFire fails to properly handle boundary conditions within the SetUp() function in "request.c" when handling malicious content received in the "setup" command resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23904
Debian Installer Log File Information Disclosure
Debian Linux passwd and base-config contain a flaw that may lead to an unauthorized information disclosure. The issue is caused by sensitive information written to world readable log files during the installation process resulting in a loss of confidentiality.. Read more at osvdb.org/23922
Leave a Reply