A CD or CWD command whose argument is an invalid '. .' (dot-space-dot) sequence can, if issued repeatedly, cause a buffer overflow that halts the server, requiring a restart.
ovactiond is part of the system management software packages OpenView and Netview, distributed by HP and IBM. It is designed for use on enterprise systems, and offers remote administrative facilities. A problem with the software makes it possible for a remote user to execute commands on a managed system with the privileges of the ovactiond process (often 'bin' on Unix systems). The default configuration of the daemon as installed with HP OpenView enables the execution of commands upon receiving a trap with the command encapsulated in quotes and escapes. Tivoli Netview is not vulnerable to this by default, but may be if customized.
It may be possible for attackers to construct identd responses which exploit this subtle overflow condition. If successfully exploited, an attacker would gain root privileges on the affected host. It may also be possible for attackers to crash xinetd, which would result in a denial of service for all services started by inetd (telnet, ftp, etc.).
A vulnerability exists in the implementation of the telnet service which allows a remote client to perform a denial of service attack against a host. If approximately 4300 characters already exist in the input buffer and numerous additional specially chosen characters are provided, the service will stop responding.
A boundary condition error exists in suid wrapper (or 'su-wrapper'). The overflow occurs when a string exceeding approximately 1032 characters is given as the first argument when the program is run. Because the program is installed setuid root, it may be possible for local users to execute arbitrary code or commands with those privileges.
FCron is vulnerable to symbolic link attacks. It is possible for an attacker to anticipate the expected name of an fcron tempfile. Attackers can create a symbolic link with an anticipated filename pointing to files on the system writable by the fcron group. This could allow an attacker to corrupt another user's crontab file, interfering with scheduled events and potentially creating a denial of service. In addition, the ability to cause deletion of user crontabs has been demonstrated by the discoverer.
Pragma InterAccess for Microsoft 95/98 is a fully-featured commercial Telnet server. Pragma InterAccess does not adequately handle large bursts of data sent to port 23 (telnet). If an excessive number of characters (15000+) is sent to this port, the program will terminate and telnet services will shut down on that host. The daemon must be restarted to regain functionality. This may be due to a buffer overflow condition. If this is the case, it may be possible for attackers to execute arbitrary code on the target host.
Internet Explorer contains a flaw which could enable a remote web site operator to retrieve a known file from a visiting user's system. If a specially formed script containing the GetObject function with the known path to an existing file is embedded in a web page, then once the target user opens the page, IE will return the contents of the file to the web server.
Sudo (superuser do) is a security utility that allows administrators to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun condition exists in the logging component, and occurs when data to be logged is being split into substrings to be passed to syslog(). It has been found that the overrun, when it occurs in memory on the heap (which depends on which function has called do_syslog()), is exploitable. Local users may gain root access if this vulnerability is exploited successfully.
An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading 'From:' field. When the message is replied to, Address Book will make an entry which actually replies to the attacker.