eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands with maliciously constructed arguments that will exploit this vulnerability. eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
Due to an unchecked buffer in a subcomponent of FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support), a specially crafted request via 'fp30reg.dll' could allow a user to execute arbitrary commands in the context of IWAM_machinename on a host running IIS 5.0. On a host running IIS 4.0, the same request could allow the execution of arbitrary commands in the SYSTEM context.
1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that integrates fully with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output. Remote attackers can request DOS devices, such as 'con', 'com1', 'com2', etc. When 'tradecli.dll' attempts to open these files, a denial of service may occur.
1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that integrates fully with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output. If the requested file does not exist, the error message will contain the absolute path of the application on the web server. This information may assist in further attacks.
Cerberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems. There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields (username, password) are filled with an excessive number of characters (300+), the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality. It has also been reported that entering an excessive number of characters in just the password field will achieve the same result. Because the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host. This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts.
A buffer overflow exists in the -o option of the ptexec command. It is possible for a local user to overwrite stack memory, including the return address. This makes it possible for a local user to gain elevated privileges, and potentially full administrative access.
A buffer overflow vulnerability exists in the 'w3m' client program. The overflow occurs when a base64-encoded string exceeding approximately 32 characters in length is received in a MIME header field. As a result, it may be possible for a malicious remote server to execute arbitrary code on a user's system.
DCShop is a CGI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private customer information, as well as the DCShop administrator login ID and password.
Performance Co-Pilot (PCP) is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product; however, SGI has made it open source and it is now available for Linux systems. One of the utilities that ships with PCP is called 'pmpost'. It is often installed setuid root by default. When writing to the 'NOTICES' file in its user-definable log directory, 'pmpost' will follow symbolic links. Since the data written is user-supplied (the command-line arguments), it is possible to gain superuser privileges if 'pmpost' is setuid root.