A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak a small amount of memory each time it is executed. If an attacker issues enough of these commands, substantial amounts of system memory can be consumed, allowing a remote attacker to carry out a denial of service attack against the affected host.
A problem has been reported in the handling of long file names by ReiserFS version 3.5.28 on the SuSE Linux 7.0 distribution. A local user can create a directory with a very long name (the initial report used a name of 768 characters); when that part of the filesystem is then listed with the ls binary or expanded with the shell built-in echo, a kernel buffer overflow occurs, overwriting variables on the stack, possibly including the return address, and crashing the system. A malicious user may therefore be able to execute arbitrary code, deny service to legitimate users, and potentially break out of a chroot environment.
ConferenceRoom is a chat package which enables a large community of users to chat together. It is possible to cause a denial of service in ConferenceRoom by making duplicate connections and executing special server commands in both sessions. For ConferenceRoom 1.8.1, the commands are "/ns buddy on" on the second connection and "/ns buddy add <clone client nickname>" on the first connection, followed by "/ns auth accept 1" on the second connection. For ConferenceRoom 1.8.2, the commands are "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", and "/ns auth accept 1". Executing these commands will cause the service to crash and refuse any new connections.
bbs_forum.cgi is a popular Perl CGI script from eXtropia.com. It fails to properly validate the user-supplied, URL-encoded input passed in its read parameter. Maliciously formed URLs submitted to the script may contain references to files on the host's filesystem, as well as shell commands, which are run with the privileges of the web server. As a result, unpatched affected versions of the script permit an attacker to execute arbitrary commands and to read arbitrary files on the vulnerable system.
It is possible to cause a denial of service in the NetScreen Firewall by requesting an unusually long URL from the WebUI listening on the default port 80. This causes the firewall to crash, and a restart of the service is required to restore normal functionality.
IBM HTTP Server and WebSphere are subject to a denial of service caused by exhausting system resources with malformed HTTP GET requests. A restart of the service is required in order to restore normal functionality. The exploit is triggered by sending a malformed HTTP GET request of the following form: a request line of "GET / HTTP/1.0" followed by a user-agent header whose value consists of 20000 null bytes (written "20000xnull" in the original report).
It is possible for a remote user to gain access to any known file residing on Lotus Domino Server 5.0.6 and earlier. A specially crafted HTTP request containing a '.nsf' database name followed by '../' sequences and the name of a known file will return the contents of that file, provided the server has read permission on it. Successful exploitation of this vulnerability could enable a remote user to obtain system files, password files, etc., which could lead to a complete compromise of the host.
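The four HTTP-borne issues above (the bbs_forum.cgi read parameter, the over-long NetScreen WebUI URL, the null-padded IBM HTTP Server/WebSphere header and the Domino '.nsf' traversal) share a request-level signature that a proxy or log scanner can flag. The Python detector below is an added example and is not code from any of these vendors or from the original advisories. It assumes that bbs_forum.cgi receives its input as a query-string parameter named read, it uses length thresholds (2048 bytes for the URL, 8192 for a header value) that are its own choice because the advisories give no figures, and the requests it scans are constructed samples rather than captured traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

MAX_URL_LEN = 2048      # assumption: the NetScreen report gives no length
MAX_HEADER_LEN = 8192   # assumption: the IBM report gives no length
SHELL_META = re.compile(r"[|;`$&<>]")


def parse_request(raw):
    """Split a raw HTTP request into (method, target, version, headers)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0][:40])
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # str.strip() removes whitespace only, so NUL bytes survive it
            headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def fully_unquote(s, rounds=2):
    """Undo up to `rounds` layers of percent-encoding (e.g. %252e%252e%252f)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_request(raw):
    """Return the list of suspicious patterns found in one raw request."""
    _method, target, _version, headers = parse_request(raw)
    findings = []

    # NetScreen WebUI: unusually long request URL
    if len(target) > MAX_URL_LEN:
        findings.append("long-url")

    url = urlsplit(target)
    path = fully_unquote(url.path).replace("\\", "/")

    # Lotus Domino: '.nsf' database name followed by '../' traversal
    if ".nsf" in path.lower() and "../" in path:
        findings.append("domino-nsf-traversal")

    # bbs_forum.cgi: traversal or shell metacharacters in the read parameter
    if path.lower().endswith("/bbs_forum.cgi"):
        for value in parse_qs(url.query).get("read", []):
            value = fully_unquote(value)
            if "../" in value or SHELL_META.search(value):
                findings.append("bbs_forum-read-injection")
                break

    # IBM HTTP Server / WebSphere: NUL-padded or oversized header values
    for name, value in headers.items():
        if "\x00" in value or len(value) > MAX_HEADER_LEN:
            findings.append("malformed-header:" + name)

    return findings


# Constructed sample requests for illustration; none is a real capture.
SAMPLES = {
    "benign": "GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "domino": "GET /names.nsf/..%2F..%2F..%2Fetc/passwd HTTP/1.0\r\n\r\n",
    "bbs_traversal": "GET /cgi-bin/bbs_forum.cgi?read=../../../etc/passwd HTTP/1.0\r\n\r\n",
    "bbs_command": "GET /cgi-bin/bbs_forum.cgi?read=%60id%60 HTTP/1.0\r\n\r\n",
    "netscreen": "GET /" + "A" * 5000 + " HTTP/1.0\r\n\r\n",
    "ibm_http": "GET / HTTP/1.0\r\nUser-Agent: " + "\x00" * 20000 + "\r\n\r\n",
}


def scan(samples=SAMPLES):
    """Classify every sample; returns {name: findings}."""
    return {name: classify_request(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in scan().items():
        print("%-14s %s" % (name, ", ".join(findings) or "clean"))
```

The decoder runs unquote twice because a single pass misses traversal sequences that were percent-encoded twice, and the path is checked after decoding rather than before so that "..%2F" and "../" are treated alike; header values are inspected for NUL bytes explicitly because Python's strip() does not remove them.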
It is possible to execute a javascript: URL from within the Windows Media Player ActiveX control embedded in HTML. The javascript can be executed in arbitrary 'already open' frames specified within the ActiveX control. By doing this, an attacker can take over the frame's DOM (document object model), bypassing the browser's security restrictions. The attack is carried out by luring the victim to a specially crafted web page. An attacker exploiting this vulnerability can read files on the user's filesystem and reportedly execute arbitrary programs on the victim host.
Informix Webdriver, the web-to-database interface used by Informix database products, may permit unauthorized remote access to the system's administration functions. Under very specific circumstances, if webdriver is called directly, without any additional parameters in the URL submitted to the server, the response takes the form of a remote administration page which can permit a malicious non-local user to modify or delete database information.