dumpenv.pl is a utility that displays information about the environment in which the server resides; this information can include the server software version in use, directory settings and path information. The default authentication credentials for the administrator account on a Sambar Server are Username: admin with the password left blank. Once a remote user has learned the path used to log into the admin account, the user can log in to the server via an HTTP request. This unauthorized access is possible provided that the default settings have not been changed.
micq is a chat program for Linux systems. micq-0.4.6 running on Linux/ix86 (Slackware 7.1 - RedHat 6.1) is vulnerable to a remote buffer overflow attack. This may allow remote attackers to gain access to vulnerable hosts.
A problem with the view-source script included with the httpd package bundled with Skunkware 2.0 could allow remote access to restricted files. The problem occurs in the handling of slashes and dots appended to the view-source script. By appending a series of double-dots and slashes to a query using the view-source script, it is possible to traverse the directory structure on a web server. By doing so, it is possible to view the contents of directories and files that are readable by the UID of the httpd process.
Due to a design problem, the PHP/FI software package allows a remote user to browse directories and view files stored on the local host. Only those files that the UID of the local httpd process has permission to read can be viewed. A user with malicious intent could use this vulnerability to gather information on the local host, and possibly gain remote access to encrypted user passwords on a system not using the shadow password suite.
Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of 'social engineering' scheme.
Some FTP servers provide a 'conversion' service that pipes a requested file through a program, for example an archiving utility such as 'tar', before it is passed to the remote user. Under some configurations where this is enabled, a remote user can pass a filename beginning with a minus sign to FTP, which will pass it as an argument to the compression/archiver program (where it will be erroneously treated as a command-line option rather than a filename). It may be possible to exploit this and execute commands on a remote machine. An example of this exploits the '--use-compress-program PROG' parameter passed to tar; if PROG refers to a program that is accessible to the FTP server, it will be executed. The remote user must have access to a writeable directory in order to exploit this.
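The option-versus-filename confusion described above, as an added example that is not part of the original advisory: Python's getopt.gnu_getopt stands in for tar's GNU-style option parser, and the function names, the three-option subset and the sample names are assumptions made for the illustration.

```python
import getopt

# Assumed subset of tar's options, just enough to model how the parser
# splits an argument vector into options and file operands.
SHORT_OPTS = "cf:"
LONG_OPTS = ["use-compress-program="]
SERVER_OPTS = ("-c", "-f")  # options the conversion service itself supplies


def parse_as_tar(args):
    """Split args into (options, operands) the way a GNU getopt parser does."""
    return getopt.gnu_getopt(args, SHORT_OPTS, LONG_OPTS)


def naive_argv(requested):
    """Conversion service that appends the client-supplied name unchanged."""
    return ["-c", "-f", "-", requested]


def hardened_argv(requested):
    """Force the client-supplied name to be parsed as a file operand."""
    if not requested or "\x00" in requested:
        raise ValueError("invalid file name")
    # A leading "./" keeps the name from looking like an option, and "--"
    # ends option parsing for everything that follows it.
    if requested.startswith("-"):
        requested = "./" + requested
    return ["-c", "-f", "-", "--", requested]


def client_controlled_options(argv):
    """Options in the parsed command line that the server did not supply."""
    opts, _operands = parse_as_tar(argv)
    return [opt for opt in opts if opt[0] not in SERVER_OPTS]


if __name__ == "__main__":
    # Constructed sample names; PROG is the placeholder used in the advisory.
    for name in ["backup", "--use-compress-program=PROG"]:
        for build in (naive_argv, hardened_argv):
            opts, operands = parse_as_tar(build(name))
            print(f"{build.__name__:14} {name!r}: "
                  f"extra options={client_controlled_options(build(name))} "
                  f"operands={operands}")
```
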
qmail is an e-mail server package developed by Dan Bernstein. The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field (RCPT), qmail will stop responding. This behaviour is due to the dynamically allocated memory being exhausted. The condition occurs in situations where resource limits are not imposed on the server process. Many systems may be running qmail without resource limits. The existence of working exploit code poses a threat to these vulnerable qmail servers. Once affected, a restart of the qmail smtp service is required in order to gain normal functionality.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain.
Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, are vulnerable to heap overflow attacks. User-supplied input that is passed as an argument to a call to sprintf() is not properly validated, so an unexpectedly large amount of input can be written past the boundary of a heap-allocated buffer (used to display error messages). As a result, it may be possible to execute a denial of service attack, or even to execute arbitrary commands if certain internal memory structures can be successfully overwritten.