iDefense Security Advisory 08.04.08 - Remote exploitation of multiple format string vulnerabilities in Sun Microsystems Inc.'s snoop could allow an attacker to execute arbitrary code with the privileges of the nobody user. Multiple format string vulnerabilities exist within the code that parses and displays SMB traffic. All of the vulnerabilities are present due to unsanitized user input being passed to printf-style formatting function. This allows an attacker to overwrite arbitrary addresses with arbitrary data, which can result in the execution of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in snoop for Solaris 10 8/07. Other versions may also be affected.
86a629216fb461e13eaaf00def47aaea7455872dfc3360b326c676d8ff366859iDefense Security Advisory 08.04.08 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Sun Microsystems Inc.'s snoop could allow an attacker to execute arbitrary code with the privileges of the nobody user. Multiple buffer overflow vulnerabilities exist within the code that parses and displays SMB traffic. In most cases, exploitation is trivial as an attacker has full control of the data copied. iDefense has confirmed the existence of these vulnerabilities in snoop for Solaris 10 8/07. Other versions may also be affected.
44c95b7eafa3c1684d3258e1f4f590cc2c4fe2a3c61f9cf0ababd05d2179e75ciDEFENSE Security Advisory 03.28.05 - Remote exploitation of a buffer overflow vulnerability in multiple telnet clients could allow the execution of arbitrary code. The vulnerability specifically exists in the env_opt_add() function of telnet.c. iDEFENSE has confirmed the existance of the vulnerability in the telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. It is suspected that most BSD based telnet clients are affected by this vulnerability.
de99e8ea1329dbc1f15a968b8c0756e881aa440162190742655fdb287e67ea1ciDEFENSE Security Advisory 03.28.05 - Remote exploitation of an buffer overflow vulnerability error in multiple telnet clients may allow execution of arbitrary commands. The vulnerability specifically exists in the handling of the LINEMODE suboptions, in that there is no size check made on the output, which is stored in a fixed length buffer. iDEFENSE has confirmed the existence of the vulnerability in the telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. It is suspected that most BSD based telnet clients are affected by this vulnerability.
9a3b7b73eb08fc8817b92e7dac30a75b72f3c015d5bbd074dbfb8f930414a6f2New Firefox, Thunderbird, and Mozilla releases between September 13 and 14 address 7 critical security issues. If you have not already, upgrade today.
e9d350da84264e6d5b1ca1b7bc56d5d368693bc81e678bb46bc9cee697f2656eSecunia Security Advisory - Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. These vulnerabilities reportedly affect versions prior to the following: Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8.
0a6ca10ffc4a3ba1127a2e7aff306ae4251a2daf157abd425b6d345403f1729d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed