NAI Security Advisory - Multiple FTP server implementations contain buffer overflows that allow local and remote attackers to gain root privileges on affected servers. These vulnerabilities are contingent upon the remote user having the ability to create directories on the server hosting the FTP daemon, with the exception of a few cases noted below. The vulnerabilities presented are all related to the use of the glob() function, and can be divided into the following two categories - glob() expansion vulnerabilities and glob() implementation vulnerabilities. Vulnerable FTP servers include OpenBSD, NetBSD, FreeBSD, Irix, HPUX 11, and Solaris 8.
14a21100e205f31e8a5af8bf40f62968749848f4653fa977060110baa1c23a96Network Associates Security Advisory COVERT-2001-01 - BIND v8.2.2 to 8.2.3-T9B contains buffer overflows that allows a remote attacker to execute arbitrary code. The overflow is in the initial processing of a DNS request and therefore does not require an attacker to control an authoritative DNS server. This vulnerability not dependent upon configuration options and affects both recursive and non-recursive servers. Additional remote format string and buffer overflows affect v8.2 through 8.2.3-T9B and v4.9.3 to v4.9.7. ISC's description of the problems available here.
0dc7c588880d158bf0463b6985c16a22f3debb3dc8fa15807d452573395d7286Network Associates COVERT Labs Security Advisory - The Microsoft Windows implementation of NetBIOS allows an unsolicited UDP datagram to remotely deny access to services offered by registered NetBIOS names. An attacker can remotely shut down all Domain Logins, the ability to access SMB shares, and NetBIOS name resolution services. Vulnerable systems include all versions of Microsoft Windows 95, 98, NT and 2000.
2d068bd5c36d3f9dd4eb851e353b34f0284a6efd67b392a3dc8c87051d4f5ad9Network Associates COVERT Labs Security Advisory - The indexing utility webfind.exe distributed with O'Reilly WebSite Professional contains an unchecked buffer allowing for the remote execution of arbitrary code on vulnerable hosts.
36228147ba09ed48a48ec3c22b40ef8ab5a8ced86f40414d41d26c67a57aee4cNetwork Associates COVERT Labs Security Advisory - The L-Soft LISTSERV web archive (wa,wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon. Vulnerable systems include L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.
a3eaef27c0c60ab4d4d042110fa7fbaa9e62953241047c765cb69fd3ca8bafd8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed