A vulnerability exists in Check Point VPN-1/FireWall-1 4.1 SP2 that enables an attacker to establish connections to blocked TCP services through the firewall in certain configurations. Disabling Fastmode removes all known vulnerabilities.
A problem in the handling of large requests supplied with certain flags has been reported in Maj-Jong. Because of this, it may be possible for a local attacker to gain elevated privileges.
Athttpd is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an attacker may be capable of overrunning the bounds of an internal memory buffer and effectively control the flow of execution.
A vulnerability has been discovered in MPlayer when handling malformed streaming ASX file headers. The problem occurs due to insufficient bounds checking performed within asf_http_request(). It has been demonstrated that it is possible for a remote attacker to provide a malicious streaming ASX file that will overrun the bounds of a reserved buffer when a vulnerable version of MPlayer is used to interpret the file. Remote arbitrary code execution has been confirmed possible.
It has been reported that wzftpd is prone to a remote denial of service condition due to malicious user-supplied input. The problem is reported to present itself when a remote attacker sends a single CRLF character to the vulnerable program during the login process. This attack may cause the software to improperly handle the exceptional condition and lead to a crash.
It has been reported that the SCO OpenServer Internet Manager 'mana' process is prone to an authentication bypass issue. The issue is reported to occur because a local user is able to export the REMOTE_ADDR environment variable and set its value to 127.0.0.1. This would cause the mana process to execute the file menu.mana with administrative privileges without proper authentication. Normally, executing mana would require proper credentials.
It has been reported that ICQ Webfront is prone to a cross-site scripting vulnerability in the message field of the guestbook module. This issue is caused by improper sanitization of user-supplied data. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials from a user. Other attacks are possible as well.
It has been discovered that Apache::Gallery, when using Inline C, stores shared libraries in an insecure fashion. As a result, an attacker may be capable of having malicious code linked into the Apache process. This could lead to a malicious local user gaining the privileges of the user invoking the Apache process, typically user nobody.
A local attacker who can authenticate or has access as the db2as user may exploit this issue to execute arbitrary instructions with elevated privileges, specifically those of the 'root' user. The exploit involves passing a string of 1287 "A" characters to the db2dart utility.
It is reportedly possible to reproduce this condition by sending a fragmented flood of spoofed UDP packets to a vulnerable system. This will reportedly consume system resources and may ultimately result in the system locking up until the attack ceases.