December 27th, 2002, 10:50 AM
#1
a few bugs
Hey all, I found these today and I thought I'd share them with you because some are in software some of you may use, so I'm posting 'em for you:
PKZIP
Vendor: PKWARE
An input validation vulnerability was reported in PKZIP. A
remote user can create a malicious '.tar' archive that, when opened
by the target user, may cause arbitrary files to be overwritten or
created on the target user's computer.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2002/Dec/1005825.html
----------------------------------------------------------------------------------------------
This one I'm posting because I know some of you use Linux:
Linux Kernel
Vendor: [Multiple Authors/Vendors]
A vulnerability was reported in the Linux operating system
kernel (version 2.2.x) in the /proc/pid/mem interface. A local
user could cause the system to crash, requiring a manual reboot to
return to normal operations.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2002/Dec/1005822.html
--------------------------------------------------------------------------------------------------
Symantec Enterprise Firewall (Raptor)
Vendor: Symantec
A buffer overflow vulnerability was reported in the Symantec
Enterprise Firewall in RealAudio proxy and the statistics function.
A remote user can cause the proxy to crash and restart. A remote
user may be able to execute arbitrary code [but that has not been
confirmed].
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005814.html
------------------------------------------------------------------------------------------
Cryptainer
Vendor: Cypherix
An information disclosure vulnerability was reported in
Cryptainer PE and Cryptainer 2.0. A local user may be able to view
the password in memory.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2002/Dec/1005811.html
---------------------------------------------------------------------------------------------------------------
Windows Shell
Vendor: Microsoft
A buffer overflow vulnerability was reported in the Windows
Shell on Windows XP. A remote user could cause the system to crash
or execute arbitrary code on the system.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2002/Dec/1005833.html
--------------------------------------------------------------------------------------------------
Winamp
Vendor: Nullsoft
Several buffer overflow vulnerabilities were reported in
Nullsoft's Winamp audio player. A remote user could create
malicious MP3 files that will cause arbitrary code to be executed
on the player.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005834.html
-----------------------------------------------------------------------------------------------------------
StormWatch
Vendor: OKENA
A default configuration vulnerability was reported in OKENA's
StormWatch intrusion prevention system. A remote user can gain
administrative access on the underlying SQL database.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005836.html
---------------------------------------------------------------------------------------------------------------
Cisco IOS
Vendor: Cisco
A denial of service vulnerability was reported in the SSH
implementation of Cisco Routers and Catalyst Switches running Cisco
IOS. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005838.html
--------------------------------------------------------------------------------------------------------
Cisco IOS
Vendor: Cisco
A denial of service vulnerability was reported in Cisco IOS
Routers. A remote user can send spoofed Cisco Enhanced IGRP
(EIGRP) routing protocol data to an EIGRP-configured router to
cause the router to consume network bandwidth and router CPU
resources.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Dec/1005840.html
--------------------------------------------------------------------------------------------------------------
Well, hope you guys enjoyed reading that, and I left the links so you could look into it more if you wanted to and secure your systems against it.