Name: CVE-2003-0002
Description:
Cross-site scripting vulnerability (XSS) in
ManualLogin.asp script for Microsoft Content Management
Server (MCMS) 2001 allows remote attackers to execute
arbitrary script via the REASONTXT parameter. Status:
Entry
Reference: BUGTRAQ:20021007 CSS on Microsoft
Content Management Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417794800719&w=2
Reference: MS:MS03-002
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-002.asp
Reference: BID:5922
Reference:
URL:http://www.securityfocus.com/bid/5922
Reference: XF:mcms-manuallogin-reasontxt-xss
(10318)
Reference:
URL:http://www.iss.net/security_center/static/10318.php
Name: CVE-2003-0003
Description:
Buffer overflow in the RPC Locator service for Microsoft
Windows NT 4.0, Windows NT 4.0 Terminal Server Edition,
Windows 2000, and Windows XP allows local users to
execute arbitrary code via an RPC call to the service
containing certain parameter information. Status:
Entry
Reference: BUGTRAQ:20030130 Microsoft RPC Locator
Buffer Overflow Vulnerability (#NISR29012003)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2
Reference: NTBUGTRAQ:20030130 Microsoft RPC
Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104393588232166&w=2
Reference: MS:MS03-001
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-001.asp
Reference: CERT:CA-2003-03
Reference:
URL:http://www.cert.org/advisories/CA-2003-03.html
Reference: CERT-VN:VU#610986
Reference:
URL:http://www.kb.cert.org/vuls/id/610986
Reference: BID:6666
Reference:
URL:http://www.securityfocus.com/bid/6666
Reference: XF:win-locator-bo(11132)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11132
Reference: OVAL:oval:org.mitre.oval:def:103
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:103
Name: CVE-2003-0004
Description:
Buffer overflow in the Windows Redirector function in
Microsoft Windows XP allows local users to execute
arbitrary code via a long parameter. Status:
Entry
Reference: BUGTRAQ:20030327 NSFOCUS SA2003-01:
Microsoft Windows XP Redirector Local Buffer Overflow
Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878038418534&w=2
Reference: VULNWATCH:20030327 NSFOCUS SA2003-01:
Microsoft Windows XP Redirector Local Buffer Overflow
Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html
Reference: MS:MS03-005
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Reference: BID:6778
Reference:
URL:http://www.securityfocus.com/bid/6778
Reference: XF:winxp-windows-redirector-bo(11260)
Reference:
URL:http://www.iss.net/security_center/static/11260.php
Name: CVE-2003-0007
Description:
Microsoft Outlook 2002 does not properly handle requests
to encrypt email messages with V1 Exchange Server
Security certificates, which causes Outlook to send the
email in plaintext, aka "Flaw in how Outlook 2002
handles V1 Exchange Server Security Certificates could
lead to Information Disclosure." Status: Entry
Reference: MS:MS03-003
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-003.asp
Reference: BID:6667
Reference:
URL:http://www.securityfocus.com/bid/6667
Reference:
XF:outlook-v1-certificate-plaintext(11133)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11133
Name: CVE-2003-0009
Description:
Cross-site scripting (XSS) vulnerability in Help and
Support Center for Microsoft Windows Me allows remote
attackers to execute arbitrary script in the Local
Computer security context via an hcp:// URL with the
malicious script in the topic parameter. Status:
Entry
Reference: BUGTRAQ:20030227 MS-Windows ME
IE/Outlook/HelpCenter critical vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636383018686&w=2
Reference: MS:MS03-006
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-006.asp
Reference: CIAC:N-047
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-047.shtml
Reference: CERT-VN:VU#489721
Reference:
URL:http://www.kb.cert.org/vuls/id/489721
Reference: BID:6966
Reference:
URL:http://www.securityfocus.com/bid/6966
Reference: XF:winme-hsc-hcp-bo(11425)
Reference:
URL:http://www.iss.net/security_center/static/11425.php
Reference: OSVDB:6074
Reference: URL:http://www.osvdb.org/6074
Name: CVE-2003-0012
Description:
The data collection script for Bugzilla 2.14.x before
2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3
sets world-writable permissions for the data/mining
directory when it runs, which allows local users to
modify or delete the data. Status: Entry
Reference: BUGTRAQ:20030102 [BUGZILLA] Security
Advisory - remote database password disclosure
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference:
URL:http://www.debian.org/security/2003/dsa-230
Reference: REDHAT:RHSA-2003:012
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
Reference: BID:6502
Reference:
URL:http://www.securityfocus.com/bid/6502
Reference:
XF:bugzilla-mining-world-writable(10971)
Reference:
URL:http://www.iss.net/security_center/static/10971.php
Name: CVE-2003-0013
Description:
The default .htaccess scripts for Bugzilla 2.14.x before
2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3
do not include filenames for backup copies of the
localconfig file that are made from editors such as vi
and Emacs, which could allow remote attackers to obtain
a database password by directly accessing the backup
file. Status: Entry
Reference: BUGTRAQ:20030102 [BUGZILLA] Security
Advisory - remote database password disclosure
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference:
URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6501
Reference:
URL:http://www.securityfocus.com/bid/6501
Reference:
XF:bugzilla-htaccess-database-password(10970)
Reference:
URL:http://www.iss.net/security_center/static/10970.php
Reference: OSVDB:6351
Reference: URL:http://www.osvdb.org/6351
Name: CVE-2003-0015
Description:
Double-free vulnerability in CVS 1.11.4 and earlier
allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a malformed
Directory request, as demonstrated by bypassing write
checks to execute Update-prog and Checkin-prog commands.
Status: Entry
Reference: VULNWATCH:20030120 Advisory 01/2003:
CVS remote vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
Reference: FULLDISC:20030120 Advisory 01/2003:
CVS remote vulnerability
Reference:
MISC:http://security.e-matters.de/advisories/012003.html
Reference: BUGTRAQ:20030124 Test program for CVS
double-free.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2
Reference: BUGTRAQ:20030202 Exploit for CVS
double free() for Linux pserver
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2
Reference: CERT:CA-2003-02
Reference:
URL:http://www.cert.org/advisories/CA-2003-02.html
Reference:
CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
Reference: CALDERA:CSSA-2003-006
Reference: DEBIAN:DSA-233
Reference:
URL:http://www.debian.org/security/2003/dsa-233
Reference: FREEBSD:FreeBSD-SA-03:01
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2
Reference: MANDRAKE:MDKSA-2003:009
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
Reference: REDHAT:RHSA-2003:012
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
Reference: REDHAT:RHSA-2003:013
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-013.html
Reference: SUSE:SuSE-SA:2003:0007
Reference: BUGTRAQ:20030122
[security@slackware.com: [slackware-security] New CVS
packages available]
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: CIAC:N-032
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-032.shtml
Reference: CERT-VN:VU#650937
Reference:
URL:http://www.kb.cert.org/vuls/id/650937
Reference: BID:6650
Reference:
URL:http://www.securityfocus.com/bid/6650
Reference:
XF:cvs-doublefree-memory-corruption(11108)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11108
Name: CVE-2003-0016
Description:
Apache before 2.0.44, when running on unpatched Windows
9x and Me operating systems, allows remote attackers to
cause a denial of service or execute arbitrary code via
an HTTP request containing MS-DOS device names.
Status: Entry
Reference: MLIST:[apache-httpd-announce] 20030120
[ANNOUNCE] Apache 2.0.44 Released
Reference:
URL:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2
Reference: CERT-VN:VU#979793
Reference:
URL:http://www.kb.cert.org/vuls/id/979793
Reference: CERT-VN:VU#825177
Reference:
URL:http://www.kb.cert.org/vuls/id/825177
Reference:
CONFIRM:http://www.apacheweek.com/issues/03-01-24#security
Reference: BID:6659
Reference:
URL:http://www.securityfocus.com/bid/6659
Reference: XF:apache-device-name-dos(11124)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11124
Reference: XF:apache-device-code-execution(11125)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11125
Name: CVE-2003-0017
Description:
Apache 2.0 before 2.0.44 on Windows platforms allows
remote attackers to obtain certain files via an HTTP
request that ends in certain illegal characters such as
">", which causes a different filename to be processed
and served. Status: Entry
Reference:
CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2
Name: CVE-2003-0018
Description:
Linux kernel 2.4.10 through 2.4.21-pre4 does not
properly handle the O_DIRECT feature, which allows local
attackers with write privileges to read portions of
previously deleted files, or cause file system
corruption. Status: Entry
Reference:
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
Reference: DEBIAN:DSA-358
Reference:
URL:http://www.debian.org/security/2003/dsa-358
Reference: DEBIAN:DSA-423
Reference:
URL:http://www.debian.org/security/2004/dsa-423
Reference: MANDRAKE:MDKSA-2003:014
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014
Reference: REDHAT:RHSA-2003:025
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: BID:6763
Reference:
URL:http://www.securityfocus.com/bid/6763
Reference:
XF:linux-odirect-information-leak(11249)
Reference:
URL:http://www.iss.net/security_center/static/11249.php
Name: CVE-2003-0019
Description:
uml_net in the kernel-utils package for Red Hat Linux
8.0 has incorrect setuid root privileges, which allows
local users to modify network interfaces, e.g. by
modifying ARP entries or placing interfaces into
promiscuous mode. Status: Entry
Reference: REDHAT:RHSA-2003:056
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-056.html
Reference: CERT-VN:VU#134025
Reference:
URL:http://www.kb.cert.org/vuls/id/134025
Reference: CIAC:N-044
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-044.shtml
Reference: BID:6801
Reference:
URL:http://www.securityfocus.com/bid/6801
Reference: XF:linux-umlnet-gain-privileges(11276)
Reference:
URL:http://www.iss.net/security_center/static/11276.php
Name: CVE-2003-0020
Description:
Apache does not filter terminal escape sequences from
its error logs, which could make it easier for attackers
to insert those sequences into terminal emulators
containing vulnerabilities related to escape sequences.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: APPLE:APPLE-SA-2004-05-03
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Reference: GENTOO:GLSA-200405-22
Reference:
URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: HP:SSRT4717
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2003:050
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
Reference: MANDRAKE:MDKSA-2004:046
Reference:
URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
Reference: REDHAT:RHSA-2003:082
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:083
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-083.html
Reference: REDHAT:RHSA-2003:104
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:139
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: REDHAT:RHSA-2003:243
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-243.html
Reference: REDHAT:RHSA-2003:244
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-244.html
Reference: SLACKWARE:SSA:2004-133
Reference:
URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: SUNALERT:57628
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Reference: SUNALERT:101555
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Reference: TRUSTIX:2004-0017
Reference:
URL:http://www.trustix.org/errata/2004/0017
Reference: TRUSTIX:2004-0027
Reference:
URL:http://www.trustix.org/errata/2004/0027
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021]
OpenPKG Security Advisory (apache)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: XF:apache-esc-seq-injection(11412)
Reference:
URL:http://www.iss.net/security_center/static/11412.php
Reference: BID:9930
Reference:
URL:http://www.securityfocus.com/bid/9930
Reference: OVAL:oval:org.mitre.oval:def:150
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:150
Reference: OVAL:oval:org.mitre.oval:def:4114
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4114
Reference: OVAL:oval:org.mitre.oval:def:100109
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100109
Name: CVE-2003-0021
Description:
The "screen dump" feature in Eterm 0.9.1 and earlier
allows attackers to overwrite arbitrary files via a
certain character escape sequence when it is echoed to a
user's terminal, e.g. when the user views a file
containing the malicious sequence. Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:040
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: GENTOO:GLSA-200303-1
Reference: BID:6936
Reference:
URL:http://www.securityfocus.com/bid/6936
Reference:
XF:terminal-emulator-screen-dump(11413)
Reference:
URL:http://www.iss.net/security_center/static/11413.php
Name: CVE-2003-0022
Description:
The "screen dump" feature in rxvt 2.7.8 allows attackers
to overwrite arbitrary files via a certain character
escape sequence when it is echoed to a user's terminal,
e.g. when the user views a file containing the malicious
sequence. Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:054
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: BID:6938
Reference:
URL:http://www.securityfocus.com/bid/6938
Reference:
XF:terminal-emulator-screen-dump(11413)
Reference:
URL:http://www.iss.net/security_center/static/11413.php
Name: CVE-2003-0023
Description:
The menuBar feature in rxvt 2.7.8 allows attackers to
modify menu options and execute arbitrary commands via a
certain character escape sequence that inserts the
commands into the menu. Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:055
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: REDHAT:RHSA-2003:054
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: BID:6947
Reference:
URL:http://www.securityfocus.com/bid/6947
Reference:
XF:terminal-emulator-menu-modification(11416)
Reference:
URL:http://www.iss.net/security_center/static/11416.php
Name: CVE-2003-0024
Description:
The menuBar feature in aterm 0.42 allows attackers to
modify menu options and execute arbitrary commands via a
certain character escape sequence that inserts the
commands into the menu. Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BID:6949
Reference:
URL:http://www.securityfocus.com/bid/6949
Reference:
XF:terminal-emulator-menu-modification(11416)
Reference:
URL:http://www.iss.net/security_center/static/11416.php
Name: CVE-2003-0027
Description:
Directory traversal vulnerability in Sun Kodak Color
Management System (KCMS) library service daemon
(kcms_server) allows remote attackers to read arbitrary
files via the KCS_OPEN_PROFILE procedure. Status:
Entry
Reference: BUGTRAQ:20030122 Entercept Ricochet
Advisory: Sun Solaris KCMS Library Service Daemon
Arbitrary File Retrieval Vulner
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2
Reference:
MISC:http://www.entercept.com/news/uspr/01-22-03.asp
Reference: SUNALERT:50104
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
Reference: CERT-VN:VU#850785
Reference:
URL:http://www.kb.cert.org/vuls/id/850785
Reference: BID:6665
Reference:
URL:http://www.securityfocus.com/bid/6665
Reference:
XF:solaris-kcms-directory-traversal(11129)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11129
Reference: OVAL:oval:org.mitre.oval:def:120
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:120
Reference: OVAL:oval:org.mitre.oval:def:195
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:195
Reference: OVAL:oval:org.mitre.oval:def:2592
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2592
Name: CVE-2003-0032
Description:
Memory leak in libmcrypt before 2.5.5 allows attackers
to cause a denial of service (memory exhaustion) via a
large number of requests to the application, which
causes libmcrypt to dynamically load algorithms via
libtool. Status: Entry
Reference: BUGTRAQ:20030103 Multiple libmcrypt
vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference:
URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010
Reference:
XF:libmcrypt-libtool-memory-leak(10988)
Reference:
URL:http://www.iss.net/security_center/static/10988.php
Reference: BID:6512
Reference:
URL:http://www.securityfocus.com/bid/6512
Name: CVE-2003-0033
Description:
Buffer overflow in the RPC preprocessor for Snort 1.8
and 1.9.x before 1.9.1 allows remote attackers to
execute arbitrary code via fragmented RPC packets.
Status: Entry
Reference: ISS:20030303 Snort RPC Preprocessing
Vulnerability
Reference:
URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Reference: BUGTRAQ:20030303 Snort RPC
Vulnerability (fwd)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673386226064&w=2
Reference: DEBIAN:DSA-297
Reference:
URL:http://www.debian.org/security/2003/dsa-297
Reference: ENGARDE:ESA-20030307-007
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Reference: GENTOO:GLSA-200304-06
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2
Reference: GENTOO:GLSA-200303-6.1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716001503409&w=2
Reference: MANDRAKE:MDKSA-2003:029
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
Reference: CERT:CA-2003-13
Reference:
URL:http://www.cert.org/advisories/CA-2003-13.html
Reference: CERT-VN:VU#916785
Reference:
URL:http://www.kb.cert.org/vuls/id/916785
Reference: BID:6963
Reference:
URL:http://www.securityfocus.com/bid/6963
Reference: XF:snort-rpc-fragment-bo(10956)
Reference:
URL:http://www.iss.net/security_center/static/10956.php
Reference: OSVDB:4418
Reference: URL:http://www.osvdb.org/4418
Name: CVE-2003-0039
Description:
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and
possibly other versions, allows remote attackers to
cause a denial of service (packet storm) via a certain
BOOTP packet that is forwarded to a broadcast MAC
address, causing an infinite loop that is not restricted
by a hop count. Status: Entry
Reference: BUGTRAQ:20030115 DoS against DHCP
infrastructure with isc dhcrelay
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2
Reference: CONECTIVA:CLSA-2003:616
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
Reference: DEBIAN:DSA-245
Reference:
URL:http://www.debian.org/security/2003/dsa-245
Reference: REDHAT:RHSA-2003:034
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-034.html
Reference: TURBO:TLSA-2003-26
Reference:
URL:http://cc.turbolinux.com/security/TLSA-2003-26.txt
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012]
OpenPKG Security Advisory (dhcpd)
Reference:
URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
Reference: CERT-VN:VU#149953
Reference:
URL:http://www.kb.cert.org/vuls/id/149953
Reference: BID:6628
Reference:
URL:http://www.securityfocus.com/bid/6628
Reference: XF:dhcp-dhcrelay-dos(11187)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11187
Name: CVE-2003-0040
Description:
SQL injection vulnerability in the PostgreSQL auth
module for courier 0.40 and earlier allows remote
attackers to execute SQL code via the user name.
Status: Entry
Reference: DEBIAN:DSA-247
Reference:
URL:http://www.debian.org/security/2003/dsa-247
Reference: BID:6738
Reference:
URL:http://www.securityfocus.com/bid/6738
Reference:
XF:courierimap-authmysqllib-sql-injection(11213)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11213
Name: CVE-2003-0043
Description:
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1
or earlier, uses trusted privileges when processing the
web.xml file, which could allow remote attackers to read
portions of some files through the web.xml file.
Status: Entry
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference:
URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference:
URL:http://www.securityfocus.com/advisories/5111
Reference: CIAC:N-060
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: BID:6722
Reference:
URL:http://www.securityfocus.com/bid/6722
Reference: XF:tomcat-webxml-read-files(11195)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11195
Name: CVE-2003-0045
Description:
Jakarta Tomcat before 3.3.1a on certain Windows systems
may allow remote attackers to cause a denial of service
(thread hang and resource consumption) via a request for
a JSP page containing an MS-DOS device name, such as
aux.jsp. Status: Entry
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: XF:jakarta-tomcat-msdos-dos(12102)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12102
Name: CVE-2003-0050
Description:
parse_xml.cgi in Apple Darwin Streaming Administration
Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows
remote attackers to execute arbitrary code via shell
metacharacters. Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6954
Reference:
URL:http://www.securityfocus.com/bid/6954
Reference:
XF:quicktime-darwin-command-execution(11401)
Reference:
URL:http://www.iss.net/security_center/static/11401.php
Name: CVE-2003-0051
Description:
parse_xml.cgi in Apple Darwin Streaming Administration
Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows
remote attackers to obtain the physical path of the
server's installation path via a NULL file parameter.
Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6956
Reference:
URL:http://www.securityfocus.com/bid/6956
Reference:
XF:quicktime-darwin-path-disclosure(11402)
Reference:
URL:http://www.iss.net/security_center/static/11402.php
Name: CVE-2003-0052
Description:
parse_xml.cgi in Apple Darwin Streaming Administration
Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows
remote attackers to list arbitrary directories.
Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6955
Reference:
URL:http://www.securityfocus.com/bid/6955
Reference:
XF:quicktime-darwin-directory-disclosure(11403)
Reference:
URL:http://www.iss.net/security_center/static/11403.php
Name: CVE-2003-0053
Description:
Cross-site scripting (XSS) vulnerability in
parse_xml.cgi in Apple Darwin Streaming Administration
Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows
remote attackers to insert arbitrary script via the
filename parameter, which is inserted into an error
message. Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6958
Reference:
URL:http://www.securityfocus.com/bid/6958
Reference:
XF:quicktime-darwin-parsexml-xss(11404)
Reference:
URL:http://www.iss.net/security_center/static/11404.php
Name: CVE-2003-0054
Description:
Apple Darwin Streaming Administration Server 4.1.2 and
QuickTime Streaming Server 4.1.1 allows remote attackers
to execute certain code via a request to port 7070 with
the script in an argument to the rtsp DESCRIBE method,
which is inserted into a log file and executed when the
log is viewed using a browser. Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6960
Reference:
URL:http://www.securityfocus.com/bid/6960
Reference:
XF:quicktime-darwin-describe-xss(11405)
Reference:
URL:http://www.iss.net/security_center/static/11405.php
Name: CVE-2003-0055
Description:
Buffer overflow in the MP3 broadcasting module of Apple
Darwin Streaming Administration Server 4.1.2 and
QuickTime Streaming Server 4.1.1 allows remote attackers
to execute arbitrary code via a long filename.
Status: Entry
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin
Streaming Administration Server Multiple vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6957
Reference:
URL:http://www.securityfocus.com/bid/6957
Reference: XF:quicktime-darwin-mp3-bo(11406)
Reference:
URL:http://www.iss.net/security_center/static/11406.php
Name: CVE-2003-0058
Description:
MIT Kerberos V5 Key Distribution Center (KDC) before
1.2.5 allows remote authenticated attackers to cause a
denial of service (crash) on KDCs within the same realm
via a certain protocol request that causes a null
dereference. Status: Entry
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#661243
Reference:
URL:http://www.kb.cert.org/vuls/id/661243
Reference: CONECTIVA:CLSA-2003:639
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: SUNALERT:50142
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
Reference: BID:6683
Reference:
URL:http://www.securityfocus.com/bid/6683
Reference: OVAL:oval:org.mitre.oval:def:1110
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1110
Reference:
XF:kerberos-kdc-null-pointer-dos(10099)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/10099
Name: CVE-2003-0059
Description:
Unknown vulnerability in the chk_trans.c of the libkrb5
library for MIT Kerberos V5 before 1.2.5 allows users
from one realm to impersonate users in other realms that
have the same inter-realm keys. Status: Entry
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CONECTIVA:CLSA-2003:639
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: CERT-VN:VU#684563
Reference:
URL:http://www.kb.cert.org/vuls/id/684563
Reference: BID:6714
Reference:
URL:http://www.securityfocus.com/bid/6714
Reference: XF:kerberos-kdc-user-spoofing(11188)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11188
Name: CVE-2003-0062
Description:
Buffer overflow in Eset Software NOD32 for UNIX before
1.013 allows local users to execute arbitrary code via a
long path name.
Status: Entry
Reference: BUGTRAQ:20030210 iDEFENSE Security
Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus
Software for Unix
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104490777824360&w=2
Reference:
MISC:http://www.idefense.com/advisory/02.10.03.txt
Reference: BID:6803
Reference:
URL:http://www.securityfocus.com/bid/6803
Reference: XF:nod32-pathname-bo(11282)
Reference:
URL:http://www.iss.net/security_center/static/11282.php
Name: CVE-2003-0063
Description:
The xterm terminal emulator in XFree86 4.2.0 and earlier
allows attackers to modify the window title via a
certain character escape sequence and then insert it
back to the command line in the user's terminal, e.g.
when the user views a file containing the malicious
sequence, which could allow the attacker to execute
arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference:
URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: BID:6940
Reference:
URL:http://www.securityfocus.com/bid/6940
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0064
Description:
The dtterm terminal emulator allows attackers to modify
the window title via a certain character escape sequence
and then insert it back to the command line in the
user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the
attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: HP:HPSBUX0401-309
Reference:
URL:http://www.securityfocus.com/advisories/6236
Reference: BID:6942
Reference:
URL:http://www.securityfocus.com/bid/6942
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0065
Description:
The uxterm terminal emulator allows attackers to modify
the window title via a certain character escape sequence
and then insert it back to the command line in the
user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the
attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BID:6945
Reference:
URL:http://www.securityfocus.com/bid/6945
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0066
Description:
The rxvt terminal emulator 2.7.8 and earlier allows
attackers to modify the window title via a certain
character escape sequence and then insert it back to the
command line in the user's terminal, e.g. when the user
views a file containing the malicious sequence, which
could allow the attacker to execute arbitrary commands.
Status: Entry
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: GENTOO:200303-16
Reference:
URL:http://www.securityfocus.com/advisories/5137
Reference: MANDRAKE:MDKSA-2003:003
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
Reference: REDHAT:RHSA-2003:054
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: BID:6953
Reference:
URL:http://www.securityfocus.com/bid/6953
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0067
Description:
The aterm terminal emulator 0.42 allows attackers to
modify the window title via a certain character escape
sequence and then insert it back to the command line in
the user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the
attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0068
Description:
The Eterm terminal emulator 0.9.1 and earlier allows
attackers to modify the window title via a certain
character escape sequence and then insert it back to the
command line in the user's terminal, e.g. when the user
views a file containing the malicious sequence, which
could allow the attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-496
Reference:
URL:http://www.debian.org/security/2004/dsa-496
Reference: GENTOO:GLSA-200303-1
Reference: MANDRAKE:MDKSA-2003:040
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: BID:10237
Reference:
URL:http://www.securityfocus.com/bid/10237
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0069
Description:
The PuTTY terminal emulator 0.53 allows attackers to
modify the window title via a certain character escape
sequence and then insert it back to the command line in
the user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the
attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Reference: OSVDB:8347
Reference: URL:http://www.osvdb.org/8347
Name: CVE-2003-0070
Description:
VTE, as used by default in gnome-terminal terminal
emulator 2.2 and as an option in gnome-terminal 2.0,
allows attackers to modify the window title via a
certain character escape sequence and then insert it
back to the command line in the user's terminal, e.g.
when the user views a file containing the malicious
sequence, which could allow the attacker to execute
arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:053
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-053.html
Reference: GENTOO:GLSA-200303-2
Reference:
URL:http://seclists.org/lists/bugtraq/2003/Mar/0010.html
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Name: CVE-2003-0071
Description:
The DEC UDK processing feature in the xterm terminal
emulator in XFree86 4.2.99.4 and earlier allows
attackers to cause a denial of service via a certain
character escape sequence that causes the terminal to
enter a tight loop.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference:
URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: BID:6950
Reference:
URL:http://www.securityfocus.com/bid/6950
Reference: XF:terminal-emulator-dec-udk(11415)
Reference:
URL:http://www.iss.net/security_center/static/11415.php
Name: CVE-2003-0073
Description:
Double-free vulnerability in mysqld for MySQL before
3.23.55 allows attackers with MySQL access to cause a
denial of service (crash) via mysql_change_user.
Status: Entry
Reference:
CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008]
OpenPKG Security Advisory (mysql)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385719107879&w=2
Reference: CONECTIVA:CLA-2003:743
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Reference: DEBIAN:DSA-303
Reference:
URL:http://www.debian.org/security/2003/dsa-303
Reference: ENGARDE:ESA-20030220-004
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
Reference: MANDRAKE:MDKSA-2003:013
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
Reference: REDHAT:RHSA-2003:093
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Reference: REDHAT:RHSA-2003:094
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-094.html
Reference: REDHAT:RHSA-2003:166
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: BID:6718
Reference:
URL:http://www.securityfocus.com/bid/6718
Reference:
XF:mysql-mysqlchangeuser-doublefree-dos(11199)
Reference:
URL:http://www.iss.net/security_center/static/11199.php
Reference: OVAL:oval:org.mitre.oval:def:436
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:436
Name: CVE-2003-0075
Description:
Integer signedness error in the myFseek function of
samplein.c for Blade encoder (BladeEnc) 0.94.2 and
earlier allows remote attackers to execute arbitrary
code via a negative offset value following a "fmt" wave
chunk.
Status: Entry
Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code
execution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428700106672&w=2
Reference:
MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
Reference: GENTOO:GLSA-200302-04
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104446346127432&w=2
Reference: BID:6745
Reference:
URL:http://www.securityfocus.com/bid/6745
Reference:
XF:bladeenc-myfseek-code-execution(11227)
Reference:
URL:http://www.iss.net/security_center/static/11227.php
Name: CVE-2003-0077
Description:
The hanterm (hanterm-xf) terminal emulator 2.0.5 and
earlier, and possibly later versions, allows attackers
to modify the window title via a certain character
escape sequence and then insert it back to the command
line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could
allow the attacker to execute arbitrary commands.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:070
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference:
XF:terminal-emulator-window-title(11414)
Reference:
URL:http://www.iss.net/security_center/static/11414.php
Reference: OSVDB:4917
Reference: URL:http://www.osvdb.org/4917
Name: CVE-2003-0078
Description:
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a
and 0.9.6 before 0.9.6i does not perform a MAC
computation if an incorrect block cipher padding is
used, which causes an information leak (timing
discrepancy) that may make it easier to launch
cryptographic attacks that rely on distinguishing
between padding and MAC verification errors, possibly
leading to extraction of the original plaintext, aka the
"Vaudenay timing attack."
Status: Entry
Reference:
CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and
0.9.6i released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2
Reference: CONECTIVA:CLSA-2003:570
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Reference: DEBIAN:DSA-253
Reference:
URL:http://www.debian.org/security/2003/dsa-253
Reference: ENGARDE:ESA-20030220-005
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Reference: FREEBSD:FreeBSD-SA-03:02
Reference: GENTOO:GLSA-200302-10
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104577183206905&w=2
Reference: REDHAT:RHSA-2003:062
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-062.html
Reference: REDHAT:RHSA-2003:063
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-063.html
Reference: REDHAT:RHSA-2003:082
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:104
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:205
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-205.html
Reference: SGI:20030501-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: TRUSTIX:2003-0005
Reference:
URL:http://www.trustix.org/errata/2003/0005
Reference: MANDRAKE:MDKSA-2003:020
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
Reference: NETBSD:NetBSD-SA2003-001
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
Reference: SUSE:SuSE-SA:2003:011
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013]
OpenPKG Security Advisory (openssl)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2
Reference: CIAC:N-051
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-051.shtml
Reference: BID:6884
Reference:
URL:http://www.securityfocus.com/bid/6884
Reference: XF:ssl-cbc-information-leak(11369)
Reference:
URL:http://www.iss.net/security_center/static/11369.php
Reference: OSVDB:3945
Reference: URL:http://www.osvdb.org/3945
Name: CVE-2003-0079
Description:
The DEC UDK processing feature in the hanterm
(hanterm-xf) terminal emulator before 2.0.5 allows
attackers to cause a denial of service via a certain
character escape sequence that causes the terminal to
enter a tight loop.
Status: Entry
Reference: VULNWATCH:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator
Security Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:070
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: BID:6944
Reference:
URL:http://www.securityfocus.com/bid/6944
Reference: XF:terminal-emulator-dec-udk(11415)
Reference:
URL:http://www.iss.net/security_center/static/11415.php
Reference: OSVDB:4918
Reference: URL:http://www.osvdb.org/4918
Name: CVE-2003-0081
Description:
Format string vulnerability in packet-socks.c of the
SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows
remote attackers to execute arbitrary code via SOCKS
packets containing format string specifiers.
Status: Entry
Reference: FULLDISC:20030308 Ethereal format
string bug, yet still ethereal much better than windows
Reference:
URL:http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
Reference:
MISC:http://www.guninski.com/etherre.html
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: CONECTIVA:CLSA-2003:627
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Reference: DEBIAN:DSA-258
Reference:
URL:http://www.debian.org/security/2003/dsa-258
Reference: GENTOO:GLSA-200303-10
Reference:
URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
Reference: MANDRAKE:MDKSA-2003:051
Reference:
URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
Reference: REDHAT:RHSA-2003:076
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-076.html
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
Reference: BID:7049
Reference:
URL:http://www.securityfocus.com/bid/7049
Reference: XF:ethereal-socks-format-string(11497)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11497
Reference: OVAL:oval:org.mitre.oval:def:54
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:54
Name: CVE-2003-0087
Description:
Buffer overflow in libIM library (libIM.a) for National
Language Support (NLS) on AIX 4.3 through 5.2 allows
local users to gain privileges via several possible
attack vectors, including a long -im argument to
aixterm.
Status: Entry
Reference: BUGTRAQ:20030212 iDEFENSE Security
Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2
Reference: VULNWATCH:20030212 iDEFENSE Security
Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: BUGTRAQ:20030212 libIM.a buffer
overflow vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2
Reference:
MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: AIXAPAR:IY40307
Reference:
URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only
Reference: AIXAPAR:IY40317
Reference:
URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only
Reference: AIXAPAR:IY40320
Reference:
URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only
Reference: BID:6840
Reference:
URL:http://www.securityfocus.com/bid/6840
Reference: XF:aix-aixterm-libim-bo(11309)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11309
Reference: OSVDB:7996
Reference: URL:http://www.osvdb.org/7996
Name: CVE-2003-0088
Description:
TruBlueEnvironment for MacOS 10.2.3 and earlier allows
local users to overwrite or create arbitrary files and
gain root privileges by setting a certain environment
variable that is used to write debugging information.
Status: Entry
Reference: ATSTAKE:A021403-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference:
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6859
Reference:
URL:http://www.securityfocus.com/bid/6859
Reference:
XF:macos-trublueenvironment-gain-privileges(11332)
Reference:
URL:http://www.iss.net/security_center/static/11332.php
Name: CVE-2003-0093
Description:
The RADIUS decoder in tcpdump 3.6.2 and earlier allows
remote attackers to cause a denial of service (crash)
via an invalid RADIUS packet with a header length field
of 0, which causes tcpdump to generate data within an
infinite loop.
Status: Entry
Reference:
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: DEBIAN:DSA-261
Reference:
URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-decoder-dos(11324)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11324
Name: CVE-2003-0094
Description:
A patch for mcookie in the util-linux package for
Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of
/dev/random, which causes mcookie to use an entropy
source that is more predictable than expected, which may
make it easier for certain types of attacks to succeed.
Status: Entry
Reference: MANDRAKE:MDKSA-2003:016
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
Reference: BID:6855
Reference:
URL:http://www.securityfocus.com/bid/6855
Reference:
XF:utillinux-mcookie-cookie-predictable(11318)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11318
Name: CVE-2003-0095
Description:
Buffer overflow in ORACLE.EXE for Oracle Database Server
9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to
execute arbitrary code via a long username that is
provided during login, as exploitable through client
applications that perform their own authentication, as
demonstrated using LOADPSP.
Status: Entry
Reference: VULNWATCH:20030217 Oracle
unauthenticated remote system compromise
(#NISR16022003a)
Reference: BUGTRAQ:20030217 Oracle
unauthenticated remote system compromise
(#NISR16022003a)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549693426042&w=2
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Reference: CERT:CA-2003-05
Reference:
URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#953746
Reference:
URL:http://www.kb.cert.org/vuls/id/953746
Reference: CIAC:N-046
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BID:6849
Reference:
URL:http://www.securityfocus.com/bid/6849
Reference: XF:oracle-username-bo(11328)
Reference:
URL:http://www.iss.net/security_center/static/11328.php
Reference: OSVDB:6319
Reference: URL:http://www.osvdb.org/6319
Name: CVE-2003-0097
Description:
Unknown vulnerability in CGI module for PHP 4.3.0 allows
attackers to access arbitrary files as the PHP user, and
possibly execute PHP code, by bypassing the CGI force
redirect settings (cgi.force_redirect or
--enable-force-cgi-redirect).
Status: Entry
Reference: BUGTRAQ:20030217 PHP Security
Advisory: CGI vulnerability in PHP version 4.3.0
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550977011668&w=2
Reference: VULNWATCH:20030217 PHP Security
Advisory: CGI vulnerability in PHP version 4.3.0
Reference: GENTOO:GLSA-200302-09
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567042700840&w=2
Reference: GENTOO:GLSA-200302-09.1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567137502557&w=2
Reference:
CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: BID:6875
Reference:
URL:http://www.securityfocus.com/bid/6875
Reference: XF:php-cgi-sapi-access(11343)
Reference:
URL:http://www.iss.net/security_center/static/11343.php
Name: CVE-2003-0100
Description:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows
remote attackers to cause a denial of service and
possibly execute commands via a large number of OSPF
neighbor announcements.
Status: Entry
Reference: BUGTRAQ:20030220 Cisco IOS OSPF
exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF
exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104587206702715&w=2
Reference: BID:6895
Reference:
URL:http://www.securityfocus.com/bid/6895
Reference: XF:cisco-ios-ospf-bo(11373)
Reference:
URL:http://www.iss.net/security_center/static/11373.php
Name: CVE-2003-0102
Description:
Buffer overflow in tryelf() in readelf.c of the file
command allows attackers to execute arbitrary code as
the user running file, possibly via a large entity size
value in an ELF header (elfhdr.e_shentsize).
Status: Entry
Reference: BUGTRAQ:20030304 iDEFENSE Security
Advisory 03.04.03: Locally Exploitable Buffer Overflow
in file(1)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104680706201721&w=2
Reference:
MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: DEBIAN:DSA-260
Reference:
URL:http://www.debian.org/security/2003/dsa-260
Reference: IMMUNIX:IMNX-2003-7+-012-01
Reference: URL:http://lwn.net/Alerts/34908/
Reference: MANDRAKE:MDKSA-2003:030
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
Reference: NETBSD:NetBSD-SA2003-003
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: SUSE:SuSE-SA:2003:017
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_017_file.html
Reference: REDHAT:RHSA-2003:086
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: REDHAT:RHSA-2003:087
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-087.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.017]
OpenPKG Security Advisory (file)
Reference: CERT-VN:VU#611865
Reference:
URL:http://www.kb.cert.org/vuls/id/611865
Reference: BID:7008
Reference:
URL:http://www.securityfocus.com/bid/7008
Reference: XF:file-afctr-read-bo(11469)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11469
Name: CVE-2003-0103
Description:
Format string vulnerability in Nokia 6210 handset allows
remote attackers to cause a denial of service (crash,
lockup, or restart) via a Multi-Part vCard with fields
containing a large number of format string specifiers.
Status: Entry
Reference: ATSTAKE:A022503-1
Reference: BID:6952
Reference:
URL:http://www.securityfocus.com/bid/6952
Reference: XF:nokia-6210-vcard-dos(11421)
Reference:
URL:http://www.iss.net/security_center/static/11421.php
Name: CVE-2003-0104
Description:
Directory traversal vulnerability in PeopleTools 8.10
through 8.18, 8.40, and 8.41 allows remote attackers to
overwrite arbitrary files via the SchedulerTransfer
servlet.
Status: Entry
Reference: ISS:20030310 PeopleSoft PeopleTools
Remote Command Execution Vulnerability
Reference:
URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: BID:7053
Reference:
URL:http://www.securityfocus.com/bid/7053
Reference:
XF:peoplesoft-schedulertransfer-create-files(10962)
Reference:
URL:http://www.iss.net/security_center/static/10962.php
Name: CVE-2003-0107
Description:
Buffer overflow in the gzprintf function in zlib 1.1.4,
when zlib is compiled without vsnprintf or when long
inputs are truncated using vsnprintf, allows attackers
to cause a denial of service or possibly execute
arbitrary code.
Status: Entry
Reference: BUGTRAQ:20030222 buffer overrun in
zlib 1.1.4
Reference:
URL:http://online.securityfocus.com/archive/1/312869
Reference: BUGTRAQ:20030223 poc zlib sploit just
for fun :)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610337726297&w=2
Reference: BUGTRAQ:20030224 Re: buffer overrun in
zlib 1.1.4
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610536129508&w=2
Reference: BUGTRAQ:20030225 [sorcerer-spells]
ZLIB-SORCERER2003-02-25
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104620610427210&w=2
Reference: CALDERA:CSSA-2003-011.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
Reference: CONECTIVA:CLSA-2003:619
Reference:
URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
Reference: GENTOO:GLSA-200303-25
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887247624907&w=2
Reference: MANDRAKE:MDKSA-2003:033
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
Reference: NETBSD:NetBSD-SA2003-004
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Reference: REDHAT:RHSA-2003:079
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
Reference: REDHAT:RHSA-2003:081
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-081.html
Reference: SUNALERT:57405
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: CERT-VN:VU#142121
Reference:
URL:http://www.kb.cert.org/vuls/id/142121
Reference: BID:6913
Reference:
URL:http://www.securityfocus.com/bid/6913
Reference: XF:zlib-gzprintf-bo(11381)
Reference:
URL:http://www.iss.net/security_center/static/11381.php
Reference: OSVDB:6599
Reference: URL:http://www.osvdb.org/6599
Name: CVE-2003-0108
Description:
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows
remote attackers to cause a denial of service (CPU
consumption) via a certain malformed ISAKMP packet to
UDP port 500, which causes tcpdump to enter an infinite
loop.
Status: Entry
Reference: BUGTRAQ:20030227 iDEFENSE Security
Advisory 02.27.03: TCPDUMP Denial of Service
Vulnerability in ISAKMP Packet Parsin
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104637420104189&w=2
Reference:
MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: CONECTIVA:CLA-2003:629
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Reference: DEBIAN:DSA-255
Reference:
URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:085
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-085.html
Reference: REDHAT:RHSA-2003:214
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: SUSE:SuSE-SA:2003:0015
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014]
OpenPKG Security Advisory (tcpdump)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678787109030&w=2
Reference: BID:6974
Reference:
URL:http://www.securityfocus.com/bid/6974
Reference: XF:tcpdump-isakmp-dos(11434)
Reference:
URL:http://www.iss.net/security_center/static/11434.php
Name: CVE-2003-0120
Description:
adb2mhc in the mhc-utils package before
0.25+20010625-7.1 allows local users to overwrite
arbitrary files via a symlink attack on a default
temporary directory with a predictable name.
Status: Entry
Reference: DEBIAN:DSA-256
Reference:
URL:http://www.debian.org/security/2003/dsa-256
Reference: BID:6978
Reference:
URL:http://www.securityfocus.com/bid/6978
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference:
URL:http://www.iss.net/security_center/static/11439.php
Name: CVE-2003-0122
Description:
Buffer overflow in Notes server before Lotus Notes R4,
R5 before 5.0.11, and early R6 allows remote attackers
to execute arbitrary code via a long distinguished name
(DN) during NotesRPC authentication and an outer field
length that is less than that of the DN field.
Status: Entry
Reference: BUGTRAQ:20030313 R7-0010: Buffer
Overflow in Lotus Notes Protocol Authentication
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757319829443&w=2
Reference: VULNWATCH:20030313 R7-0010: Buffer
Overflow in Lotus Notes Protocol Authentication
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#433489
Reference:
URL:http://www.kb.cert.org/vuls/id/433489
Reference: CIAC:N-065
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7037
Reference:
URL:http://www.securityfocus.com/bid/7037
Reference: XF:lotus-nrpc-bo(11526)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11526
Name: CVE-2003-0123
Description:
Buffer overflow in Web Retriever client for Lotus
Notes/Domino R4.5 through R6 allows remote malicious web
servers to cause a denial of service (crash) via a long
HTTP status line. Status: Entry
Reference: BUGTRAQ:20030313 R7-0011: Lotus
Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757545500368&w=2
Reference:
MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#411489
Reference:
URL:http://www.kb.cert.org/vuls/id/411489
Reference: CIAC:N-065
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7038
Reference:
URL:http://www.securityfocus.com/bid/7038
Reference: XF:lotus-web-retriever-bo(11525)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11525
Name: CVE-2003-0124
Description:
man before 1.5l allows attackers to execute arbitrary
code via a malformed man file with improper quotes,
which causes the my_xsprintf function to return a string
with the value "unsafe," which is then executed as a
program via a system call if it is in the search path of
the user who runs man. Status: Entry
Reference: BUGTRAQ:20030311 Vulnerability in man
< 1.5l
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2
Reference: CONECTIVA:CLSA-2003:620
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
Reference: GENTOO:GLSA-200303-13
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2
Reference: REDHAT:RHSA-2003:133
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-133.html
Reference: REDHAT:RHSA-2003:134
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-134.html
Reference: BID:7066
Reference:
URL:http://www.securityfocus.com/bid/7066
Reference:
XF:man-myxsprintf-code-execution(11512)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11512
Name: CVE-2003-0125
Description:
Buffer overflow in the web interface for SOHO
Routefinder 550 before firmware 4.63 allows remote
attackers to cause a denial of service (reboot) and
execute arbitrary code via a long GET /OPTIONS value.
Status: Entry
Reference:
MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder
550 VPN, DoS and Buffer Overflow
Reference:
CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT
Reference: BID:7067
Reference:
URL:http://www.securityfocus.com/bid/7067
Reference: XF:routefinder-vpn-options-bo(11514)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11514
Name: CVE-2003-0143
Description:
The pop_msg function in qpopper 4.0.x before 4.0.5fc2
does not null terminate a message buffer after a call to
Qvsnprintf, which could allow authenticated users to
execute arbitrary code via a buffer overflow in a mdef
command with a long macro name. Status: Entry
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer
overflow vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x
buffer overflow vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Reference: DEBIAN:DSA-259
Reference:
URL:http://www.debian.org/security/2003/dsa-259
Reference: GENTOO:GLSA-200303-12
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2
Reference: SUSE:SuSE-SA:2003:018
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_018_qpopper.html
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018]
OpenPKG Security Advisory (qpopper)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
Reference: BID:7058
Reference:
URL:http://www.securityfocus.com/bid/7058
Reference: XF:qpopper-popmsg-macroname-bo(11516)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11516
Name: CVE-2003-0145
Description:
Unknown vulnerability in tcpdump before 3.7.2 related to
an inability to "Handle unknown RADIUS attributes
properly," allows remote attackers to cause a denial of
service (infinite loop), a different vulnerability than
CAN-2003-0093. Status: Entry
Reference:
CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-261
Reference:
URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:151
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
Reference: REDHAT:RHSA-2003:214
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-attribute-dos(11857)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11857
Name: CVE-2003-0825
Description:
The Windows Internet Naming Service (WINS) for Microsoft
Windows Server 2003, and possibly Windows NT and Server
2000, does not properly validate the length of certain
packets, which allows attackers to cause a denial of
service and possibly execute arbitrary code.
Status: Entry
Reference: MS:MS04-006
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms04-006.asp
Reference: CERT-VN:VU#445214
Reference:
URL:http://www.kb.cert.org/vuls/id/445214
Reference: CIAC:O-077
Reference:
URL:http://www.ciac.org/ciac/bulletins/o-077.shtml
Reference: BID:9624
Reference:
URL:http://www.securityfocus.com/bid/9624
Reference: OSVDB:3903
Reference: URL:http://www.osvdb.org/3903
Reference: OVAL:oval:org.mitre.oval:def:704
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:704
Reference: OVAL:oval:org.mitre.oval:def:800
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:800
Reference: OVAL:oval:org.mitre.oval:def:801
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:801
Reference: OVAL:oval:org.mitre.oval:def:802
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:802
Reference: XF:win-wins-gsflag-dos(15037)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/15037
Name: CVE-2003-0903
Description:
Buffer overflow in a component of Microsoft Data Access
Components (MDAC) 2.5 through 2.8 allows remote
attackers to execute arbitrary code via a malformed UDP
response to a broadcast request. Status: Entry
Reference: MS:MS04-003
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms04-003.asp
Reference: CERT-VN:VU#139150
Reference:
URL:http://www.kb.cert.org/vuls/id/139150
Reference: BID:9407
Reference:
URL:http://www.securityfocus.com/bid/9407
Reference: XF:mdac-broadcastrequest-bo(14187)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14187
Reference: OSVDB:3457
Reference: URL:http://www.osvdb.org/3457
Reference: OVAL:oval:org.mitre.oval:def:525
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:525
Reference: OVAL:oval:org.mitre.oval:def:553
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:553
Reference: OVAL:oval:org.mitre.oval:def:751
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:751
Reference: OVAL:oval:org.mitre.oval:def:775
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:775
Name: CVE-2003-0905
Description:
Unknown vulnerability in Windows Media Station Service
and Windows Media Monitor Service components of Windows
Media Services 4.1 allows remote attackers to cause a
denial of service (disallowing new connections) via a
certain sequence of TCP/IP packets. Status: Entry
Reference: MS:MS04-008
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms04-008.asp
Reference: CERT-VN:VU#982630
Reference:
URL:http://www.kb.cert.org/vuls/id/982630
Reference: BID:9825
Reference:
URL:http://www.securityfocus.com/bid/9825
Reference: XF:win-media-services-dos(15038)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/15038
Reference: OVAL:oval:org.mitre.oval:def:842
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:842
Name: CVE-2003-0924
Description:
netpbm 9.25 and earlier does not properly create
temporary files, which allows local users to overwrite
arbitrary files. Status: Entry
Reference: DEBIAN:DSA-426
Reference:
URL:http://www.debian.org/security/2004/dsa-426
Reference: GENTOO:GLSA-200410-02
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
Reference: REDHAT:RHSA-2004:030
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:011
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
Reference: CERT-VN:VU#487102
Reference:
URL:http://www.kb.cert.org/vuls/id/487102
Reference: BID:9442
Reference:
URL:http://www.securityfocus.com/bid/9442
Reference: XF:netpbm-temp-insecure-file(14874)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14874
Reference: OVAL:oval:org.mitre.oval:def:804
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:804
Reference: OVAL:oval:org.mitre.oval:def:810
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:810
Name: CVE-2003-0966
Description:
Buffer overflow in the frm command in elm 2.5.6 and
earlier, and possibly later versions, allows remote
attackers to execute arbitrary code via a long Subject
line. Status: Entry
Reference: REDHAT:RHSA-2004:009
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference:
MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
Reference: BID:9430
Reference:
URL:http://www.securityfocus.com/bid/9430
Reference: XF:elm-frm-subject-bo(14840)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14840
Name: CVE-2003-0969
Description:
mpg321 0.2.10 allows remote attackers to overwrite
memory and possibly execute arbitrary code via an mp3
file that passes certain strings to the printf function,
possibly triggering a format string vulnerability.
Status: Entry
Reference: DEBIAN:DSA-411
Reference:
URL:http://www.debian.org/security/2004/dsa-411
Reference: SUSE:SuSE-SA:2004:002
Reference:
URL:http://www.novell.com/linux/security/advisories/2004_02_tcpdump.html
Reference: BID:9364
Reference:
URL:http://www.securityfocus.com/bid/9364
Reference: XF:mpg321-mp3-format-string(14148)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14148
Reference: OSVDB:3331
Reference: URL:http://www.osvdb.org/3331
Name: CVE-2003-0985
Description:
The mremap system call (do_mremap) in Linux kernel 2.4.x
before 2.4.21, and possibly other versions before
2.4.24, does not properly perform bounds checks, which
allows local users to cause a denial of service and
possibly gain privileges by causing a remapping of a
virtual memory area (VMA) to create a zero length VMA, a
different vulnerability than CAN-2004-0077.
Status: Entry
Reference: BUGTRAQ:20040105 Linux kernel mremap
vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2
Reference:
MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Reference: BUGTRAQ:20040105 Linux kernel
do_mremap() proof-of-concept exploit code
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2
Reference: BUGTRAQ:20040106 Linux mremap bug
correction
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2
Reference: MLIST:[linux-kernel] 20040105
linux-2.4.24 released
Reference:
CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
Reference:
CONFIRM:http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
Reference:
CONFIRM:http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
Reference: DEBIAN:DSA-423
Reference:
URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-450
Reference:
URL:http://www.debian.org/security/2004/dsa-450
Reference: DEBIAN:DSA-1070
Reference:
URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference:
URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference:
URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference:
URL:http://www.debian.org/security/2006/dsa-1082
Reference: DEBIAN:DSA-413
Reference:
URL:http://www.debian.org/security/2004/dsa-413
Reference: DEBIAN:DSA-417
Reference:
URL:http://www.debian.org/security/2004/dsa-417
Reference: DEBIAN:DSA-427
Reference:
URL:http://www.debian.org/security/2004/dsa-427
Reference: DEBIAN:DSA-439
Reference:
URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference:
URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-470
Reference:
URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-475
Reference:
URL:http://www.debian.org/security/2004/dsa-475
Reference: SUSE:SuSE-SA:2004:001
Reference: SUSE:SuSE-SA:2004:003
Reference:
URL:http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
Reference: CONECTIVA:CLA-2004:799
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
Reference: ENGARDE:ESA-20040105-001
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Reference: REDHAT:RHSA-2003:416
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-416.html
Reference: REDHAT:RHSA-2003:417
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
Reference: REDHAT:RHSA-2003:418
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-418.html
Reference: REDHAT:RHSA-2003:419
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-419.html
Reference: IMMUNIX:IMNX-2004-73-001-01
Reference:
URL:http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
Reference: MANDRAKE:MDKSA-2004:001
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
Reference: SGI:20040102-01-U
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
Reference: TRUSTIX:2004-0001
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2
Reference: BUGTRAQ:20040107 [slackware-security]
Kernel security update (SSA:2004-006-01)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2
Reference: BUGTRAQ:20040108 [slackware-security]
Slackware 8.1 kernel security update (SSA:2004-008-01)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
Reference: BUGTRAQ:20040112 SmoothWall Project
Security Advisory SWP-2004:001
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
Reference: CERT-VN:VU#490620
Reference:
URL:http://www.kb.cert.org/vuls/id/490620
Reference: CIAC:O-045
Reference:
URL:http://www.ciac.org/ciac/bulletins/o-045.shtml
Reference: BID:9356
Reference:
URL:http://www.securityfocus.com/bid/9356
Reference: OSVDB:3315
Reference: URL:http://www.osvdb.org/3315
Reference: OVAL:oval:org.mitre.oval:def:860
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:860
Reference: OVAL:oval:org.mitre.oval:def:867
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:867
Reference: SECUNIA:10532
Reference:
URL:http://secunia.com/advisories/10532
Reference: SECUNIA:20163
Reference:
URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference:
URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference:
URL:http://secunia.com/advisories/20338
Reference:
XF:linux-domremap-gain-privileges(14135)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14135
Name: CVE-2003-0988
Description:
Buffer overflow in the VCF file information reader for
KDE Personal Information Management (kdepim) suite in
KDE 3.1.0 through 3.1.4 allows attackers to execute
arbitrary code via a VCF file. Status: Entry
Reference: BUGTRAQ:20040114 KDE Security
Advisory: VCF file information reader vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Reference:
CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: CONECTIVA:CLA-2004:810
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
Reference: GENTOO:GLSA-200404-02
Reference:
URL:http://security.gentoo.org/glsa/glsa-200404-02.xml
Reference: MANDRAKE:MDKSA-2004:003
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
Reference: REDHAT:RHSA-2004:005
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: REDHAT:RHSA-2004:006
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-006.html
Reference: CERT-VN:VU#820798
Reference:
URL:http://www.kb.cert.org/vuls/id/820798
Reference: BID:9419
Reference:
URL:http://www.securityfocus.com/bid/9419
Reference: XF:kde-kdepim-bo(14833)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14833
Reference: OVAL:oval:org.mitre.oval:def:858
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:858
Reference: OVAL:oval:org.mitre.oval:def:865
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:865
Name: CVE-2003-0991
Description:
Unknown vulnerability in the mail command handler in
Mailman before 2.0.14 allows remote attackers to cause a
denial of service (crash) via malformed e-mail commands.
Status: Entry
Reference: MLIST:[Mailman-Announce] 20040208
RELEASED: Mailman 2.0.14 patch-only release
Reference:
URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: CONECTIVA:CLA-2004:842
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Reference: DEBIAN:DSA-436
Reference:
URL:http://www.debian.org/security/2004/dsa-436
Reference: REDHAT:RHSA-2004:019
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:013
Reference:
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
Reference: XF:mailman-command-handler-dos(15106)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/15106
Reference: BID:9620
Reference:
URL:http://www.securityfocus.com/bid/9620
Name: CVE-2003-0993
Description:
mod_access in Apache 1.3 before 1.3.30, when running
big-endian 64-bit platforms, does not properly parse
Allow/Deny rules using IP addresses without a netmask,
which could allow remote attackers to bypass intended
access restrictions. Status: Entry
Reference:
CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
Reference: MLIST:[apache-cvs] 20040307 cvs
commit: apache-1.3/src/modules/standard mod_access.c
Reference:
URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
Reference:
CONFIRM:http://www.apacheweek.com/features/security-13
Reference: GENTOO:GLSA-200405-22
Reference:
URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: MANDRAKE:MDKSA-2004:046
Reference:
URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
Reference: SLACKWARE:SSA:2004-133
Reference:
URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: SUNALERT:57628
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Reference: SUNALERT:101555
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Reference: SUNALERT:101841
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
Reference: TRUSTIX:2004-0027
Reference:
URL:http://www.trustix.org/errata/2004/0027
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021]
OpenPKG Security Advisory (apache)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: BID:9829
Reference:
URL:http://www.securityfocus.com/bid/9829
Reference: OVAL:oval:org.mitre.oval:def:4670
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4670
Reference: OVAL:oval:org.mitre.oval:def:100111
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100111
Reference:
XF:apache-modaccess-obtain-information(15422)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/15422
Name: CVE-2003-0994
Description:
The GUI functionality for an interactive session in
Symantec LiveUpdate 1.70.x through 1.90.x, as used in
Norton Internet Security 2001 through 2004, SystemWorks
2001 through 2004, and AntiVirus and Norton AntiVirus
Pro 2001 through 2004, AntiVirus for Handhelds v3.0,
allows local users to gain SYSTEM privileges.
Status: Entry
Reference: FULLDISC:20040112 SRT2004-01-9-1022 -
Symantec LiveUpdate allows local users to become SYSTEM
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 SRT2004-01-9-1022 -
Symantec LiveUpdate allows local users to become SYSTEM
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 Re: SRT2004-01-9-1022
- Symantec LiveUpdate allows local users to become
SYSTEM
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107393473928245&w=2
Reference:
MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
Reference: OSVDB:3428
Reference: URL:http://www.osvdb.org/3428
Name: CVE-2003-1022
Description:
Directory traversal vulnerability in fsp before 2.81.b18
allows remote users to access files outside the FSP root
directory. Status: Entry
Reference: DEBIAN:DSA-416
Reference:
URL:http://www.debian.org/security/2004/dsa-416
Reference: CIAC:O-048
Reference:
URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference:
XF:fspsuite-dot-directory-traversal(14154)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/14154
Reference: BID:9377
Reference:
URL:http://www.securityfocus.com/bid/9377
Reference: OSVDB:3346
Reference: URL:http://www.osvdb.org/3346
Name: CVE-2003-1326
Description:
Microsoft Internet Explorer 5.5 and 6.0 allows remote
attackers to bypass the cross-domain security model to
run malicious script or arbitrary programs via dialog
boxes, aka "Improper Cross Domain Security Validation
with dialog box." Status: Entry
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6779
Reference: URL:http://www.securityfocus.com/bid/6779
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php
Reference: OVAL:oval:org.mitre.oval:def:126
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:126
Reference: OVAL:oval:org.mitre.oval:def:178
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:178
Reference: OVAL:oval:org.mitre.oval:def:49
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:49
Name: CVE-2003-1328
Description:
The showHelp() function in Microsoft Internet Explorer
5.01, 5.5, and 6.0 supports certain types of pluggable
protocols that allow remote attackers to bypass the
cross-domain security model and execute arbitrary code,
aka "Improper Cross Domain Security Validation with
ShowHelp functionality." Status: Entry
Reference: BUGTRAQ:20030206 showHelp("file:")
disables security in IE - Sandblad advisory #11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CERT-VN:VU#400577
Reference: URL:http://www.kb.cert.org/vuls/id/400577
Reference: CIAC:N-038
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6780
Reference:
URL:http://www.securityfocus.com/bid/6780
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference:
URL:http://www.iss.net/security_center/static/11259.php
Reference: OVAL:oval:org.mitre.oval:def:57
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:57 |