The ping program is used to assess network connectivity between network devices. A denial of service condition exists in the ping program that may cause the system to panic when ping requests are sent to a multicast address through the loopback interface. The system will ping itself; however, the incoming queue pointer is not yet initialized when the packet is received. Thus, the system will panic.
A buffer overflow condition has been discovered in the ffbconfig program which is used to configure the Creator Fast Frame Buffer (FFB) Graphics Accelerator, which is a component of the FFB Configuration Software Package (SUNWffbcf). This vulnerability may allow an unauthorized user to gain root access on the system.
There is a buffer overflow condition on arguments in Pluggable Authentication Modules (PAM) and unix_scheme (5.4 and 5.3). Therefore, an unauthorized user could exploit this vulnerability via the passwd program to gain root access. Under SunOS 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, yppasswd and nispasswd are hard links to the passwd program and therefore are also vulnerable. Under SunOS 5.4 and 5.3, passwd, yppasswd, and nispasswd are separate programs but they dynamically link unix_scheme and are affected.
A GET request that specifies a nonexistent file with an IISAPI-registered extension (e.g., .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory. This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file.
An HTTP GET request against an IIS4 server will not be logged if the request is longer than 10150 bytes.
An attacker may call the ISAPI DLL (ISM.DLL) located in the /scripts/iisadmin directory via the following syntax: http://www.server.com/scripts/iisadmin/ism.dll?http/dir. This URL prompts the user for a username/password to access the remote administration console. Although approved access does not permit the user to commit changes to the IIS server, it may allow them to gather sensitive information about the web server and its configuration.
A vulnerability exists within DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming.
Beginning April 1, 2001 and continuing through April 8, 2001, Windows applications will be offset by one hour, even though the system clock will show the proper time. This is due to MSVCRT.DLL not correctly interpreting Daylight Saving Time during any year in which April 1st falls on a Sunday. In these instances, the DLL is fooled into thinking that DST begins one week later on April 8th. The versions of MSVCRT.DLL shipping with MS VC++ versions 4.1, 4.2, 5.0 and 6.0 are thought to be vulnerable.
A number of file access security vulnerabilities in suid programs that are part of Oracle may be exploited to obtain the privileges of the 'oracle' user and full access to the database system. The utilities implement insecure file creation and manipulation and they trust environment variables. These allow malicious users to create, append to or overwrite files owned by the oracle user, as well as to execute programs as the oracle user. The exploit code creates a setuid Oracle shell, /tmp/.sh, by redirecting environment variables and creating a cmadmin script, which is then executed by running cmctl.
A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic. An attacker can exploit this vulnerability by sending a specially crafted message to the server, resulting in a kernel panic.