Recent versions of the Linux kernel include a collection of file descriptors which are reserved for use by processes executing as the root user. By default, the size of this collection is set to 10 file descriptors. It is possible for a local, non-privileged user to open all system file descriptors. The malicious user may then exhaust the pool of reserved descriptors by opening several common setuid binaries, resulting in a denial of service condition.
A boundary condition error has been discovered in the efstool program. Due to improper bounds checking, it is possible for a user to supply a long command-line argument to the efstool program, which would result in a buffer overflow. This problem could be exploited on the local system to overwrite stack memory, including the return address, and execute attacker-supplied code.
An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. A .htaccess file with 10000 or more bytes set into the variable DATE_LOCALE will result in a buffer overflow within the web server process handling the request.
A buffer overflow has been discovered in the gds_drop program packaged with Interbase. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code. Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.
A remote attacker is able to connect to SimpleServer via telnet and make an invalid request to the server. This will cause the web server to crash and potentially lead to a buffer overflow condition.
csNews is a script for managing news items on a website. It is possible for a malicious admin user to bypass file type restrictions on the header and footer file. This may result in arbitrary system files being displayed to remote users, and the disclosure of sensitive information. The ability to exploit this vulnerability may only require 'public' access to csNews if used in conjunction with issues discussed in BID 4993.
A format string vulnerability exists in TrACESroute. The problem exists in the terminator (-T) function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that results in the writing of attacker-supplied values to arbitrary locations in memory.
When an attempt to connect to the router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP.
A remote buffer overflow vulnerability has been reported in some versions of SHOUTCast Server. An authenticated DJ may supply oversized data to the server, which will then overflow a memory buffer. Execution of arbitrary code is reported to be possible.
When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the user ID of the terminated process. It is possible for malicious local attackers to exploit this vulnerability to overwrite and gain ownership of arbitrary files. Consequently, attackers may elevate to root privileges by modifying files such as '/etc/passwd'.