Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

FreeBSD SMBFS Traversal chroot Bypass

Network Security News – Friday, June 02, 2006 Events

FreeBSD SMBFS Traversal chroot Bypass

FreeBSD contains a flaw that allows a remote attacker to escape a chroot environment when the chroot is implemented over a Server Message Block File System (SMBFS). The issue is due to the SMBFS not properly sanitizing user input, specifically directory traversal style attacks (..\). This flaw may lead to a loss of integrity.. Read more at osvdb.org/25851

Mac OS X Server QuickTime Server Missing Track DoS

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a Quicktime movie with a missing track causes a null pointer dereference, and will result in loss of availability for the Quicktime server.. Read more at osvdb.org/25599

Mac OS X Server QuickTime Streaming Server RTSP Request DoS

A remote overflow exists in Mac OS X Server. The Quicktime Streaming Server fails to validate RTSP requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/25600

Mac OS X Mail Enriched Text Color Arbitrary Class Allocation Code Execution

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when invalid color information is included in enriched text email, which could cause the allocation and initialization of arbitrary classes. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/25594

Mac OS X MySQL Manager Blank root Password

By default, MySQL Manager on Mac OS X installs with a default password, which is not changed, even if a password is entered when prompted during setup. The root account has a blank password which is publicly known and documented. This allows local attackers to trivially access the program or system.. Read more at osvdb.org/25595

Mac OS X Safari Archive Expansion Symbolic Link Target Execution

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an archive file is downloaded with Safari's "Open

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *