The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than approximately 2050 characters, it will overflow. A request string could be constructed to trigger the overflow and allow a malicious remote user to execute unprivileged arbitrary code.
Strip is a password generation utility made freely available by Zetetic Enterprises. Strip is a PalmOS-based application designed to generate and store important passwords. A problem with Strip makes it possible for a user who has obtained an encrypted password generated with Strip to easily guess the password. The pseudo-random number generation is done through the SysRandom() syscall of PalmOS, which offers simplistic number generation. Additionally, the PRNG is seeded with a number that may be small depending on the operation time of the Palm device. Finally, the maximum size of the seed is 16 bits. Therefore, it is possible for a user to easily guess passwords generated with Strip, which have a maximum of 2^16 possibilities.
A problem with the ftp daemon included with the Solaris Operating Environment could allow remote users to gain access to names of valid user accounts. Prior to logging in, while in.ftpd is still negotiating the session, it is possible to present a request for a change of working directory (CWD) to the ftp daemon. If the account is valid, the daemon will issue a request for login and password. If not, the daemon returns an error message stating that the login name is not valid.
A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which will execute the commands.
The X11 server that ships with Sun Microsystems' Solaris, Xsun, contains a locally exploitable buffer overflow vulnerability. The condition is present when the value of the HOME environment variable is of excessive length (more than 1050 bytes long). An attacker may exploit this vulnerability to execute arbitrary code with effective group 'root' privileges.
SCO OpenServer 5.0.6 (and possibly earlier versions) ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications. 'recon' contains a locally exploitable buffer overflow condition present in the handling of command-line parameters. If properly exploited, this can yield user 'bin' privileges to the attacker.
The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly long string on the command-line by a local user. kcms_configure is installed setuid root, so a buffer overflow can lead to arbitrary code execution as root. An exploit for x86 Solaris is available to attackers.
SCO OpenServer 5.0.6 (and possibly earlier versions) ships with several suid bin executables used in printer administration and related tasks. This includes lpusers, a component used to set the queue priority of jobs submitted to the LP print service by users. 'lpusers' contains a locally exploitable buffer overflow vulnerability that occurs when command-line arguments are of excessive length. If properly exploited, this can yield root privilege to the attacker.
This module exploits the buffer overflow found in the LICMGR_ADDLICENSE field of the EIQ Networks network analyser. It exploits buffers of 1262 bytes in size. This module should work on all rebranded EIQ analysers. Exploitation assistance from KF of Digital Munition.