The Linux cdrecorder binary is vulnerable to a locally exploitable buffer overflow attack. When installed in a Mandrake 7.0 Linux distribution, it is by default setgid 'cdburner' (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with egid 'cdburner'.
Omnis Studio 2.4 is a development tool for creating database applications. The tool gives developers the option to encrypt database entries. However, the encryption scheme used is weak and easily broken with any scientific calculator (or even pen and paper, if the attacker has a good knowledge of hex and ASCII). Each unencrypted byte is simply replaced with a value that depends on that byte's original value and the remainder of its position in the string divided by 4. Note that this vulnerability does not affect the security of Omnis Studio directly, but will be present in all applications that were designed using Omnis Studio.
By supplying a line of sufficient length to the MDBMS server, containing machine executable code, it is possible for a remote attacker to execute arbitrary commands as the user the db is running as.
A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatting strings in the 'From:' field in a mail header, and then issuing, as the user the mail was sent to, a 'euidl' command, it is possible to execute arbitrary code. This code will execute as the user executing the euidl command, but with group 'mail' permissions on hosts running qpopper in that group.
A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possible for users in the 'floppy' group to execute arbitrary commands as root.
A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A remote user can send a malformed packet to the TCP listening port, 6000, which will cause the X server to be unresponsive for some period of time. During this time, the keyboard will not respond to user input, and in some cases, the mouse will also not respond. During this time period, the X server will utilize 100% of the CPU, and can only be repaired by being signaled. This vulnerability exists only in servers compiled with the XCSECURITY #define set.
OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world-writable /tmp directory. As OpenLDAP does not check for a file's existence prior to opening the files in /usr/tmp, it is possible for an attacker to point an appropriately named symbolic link at any file on the filesystem, and cause it to be destroyed.
The code that handles the 'rcpt to', 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus Domino Server receives an argument of more than 4 KB to any of the listed commands, the system will crash and will require a reboot in order to regain normal functionality.
The Intel Express 8100 and possibly 8200 ISDN routers can be remotely crashed by sending fragmented or oversized ICMP packets. This can be done using libnet and isic-0.05 with the command icmpsic -s 127.0.0.1,23 -d <target.router.ip.address> -F 100 -f.