iDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
82745cf5c6c8c6e687ae2cfa0e63f534a092b268615b9f95eb4a1895cce48b92iDefense Security Advisory 02.08.08 - Remote exploitation of an unsafe library path vulnerability in Adobe Systems Inc.'s Adobe Reader may allow attackers to execute arbitrary code as the current user. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 installed on Windows XP and Windows Vista. Previous versions, as well as those for other platforms, may also be affected.
d4fa880a29e7e14ddec6cb6cc8521a592d10b2b7b07c917d7f97f961261d764diDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
dbaad2878fa40c352148186c8e60fdaec85df78c429b573508d0ec0a58af0de5iDefense Security Advisory 02.07.08 - Remote exploitation of a memory corruption vulnerability within version 9.1 of IBM Corp.'s DB2 Universal Database Administration Server (DAS) allows attackers to crash the service or potentially execute arbitrary code in the context of the affected service. iDefense has confirmed the existence of this vulnerability in the DAS (db2dassrm) as included with DB2 9.1 with Fix Pack 2 for both Linux and Windows platforms. Previous versions, as well as builds for other platforms, are suspected to be vulnerable.
05cdded353cd4797405eeb5933263493101277c8236530276f0fecda19bf5ec0iDefense Security Advisory 02.07.08 - Local exploitation of a library loading vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to gain root privileges. When the DB2INSTANCE environment variable is set, the libdb2 library will use the corresponding user's directory in place of the DB2 instance directory. This allows an unprivileged local user to control the directory structure on which several set-uid root binaries operate. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with FixPack 2 installed on a Linux system. Other versions, including those for other UNIX systems, are also suspected to be vulnerable.
001fbc3f1ab8c8f9aca0ac41697d2e04d1ad568a1539fce5f3ce4ed6e5d256f5iDefense Security Advisory 02.04.08 - Remote exploitation of a denial of service vulnerability in Hewlett-Packard's Network Node Manager product allows attackers to crash the ovtopmd process. The ovtopmd process contains an implementation error, in which it attempts to access an invalid memory address based on data within the TCP stream. By sending a specially crafted request, an attacker can cause the service to crash. iDefense has confirmed this vulnerability in HP's OpenView Network Node Manager 7.5 with all updates applied as of May 14th, 2007.
729c873c456bce1b31790f282ccf524eff5e30ecb47c3e16b548ea893304c259iDefense Security Advisory 01.31.08 - Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. The set-uid root "onedcu" command requires six parameters to be specified when it is executed. The second parameter is a "Trace" file that this program will open and write to with elevated privileges.
08217f2a8fc5c50d43f66264243c431eefac2ede9e8e0b4d147be9d0edb86f3eiDefense Security Advisory 01.31.08 - Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. When the SQLIDEBUG environment variable is set, several set-uid binaries will log debugging information to the specified file. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
f2864fc19e93a164fbc79f6bd51e58cf26ac30861f82d244ac1f12a20cee48e9iDefense Security Advisory 01.23.08 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s AIX operating system 'pioout' program allows attackers to execute arbitrary code with root privileges. The vulnerability exists due to insufficient input validation when copying user-supplied data to a fixed-size buffer. By passing a long string as a command line option, an attacker can cause an exploitable buffer overflow. iDefense has confirmed the existence of this vulnerability in version 5.2 and 5.3 of AIX with all patches applied as of November 29th, 2007. Previous versions are suspected to be affected.
0c544c96e82318461295adc559d908532902371421d53ecc023219ebd696ae0biDefense Security Advisory 01.22.08 - Remote exploitation of a buffer overflow vulnerability in the web server component of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment allows attackers to cause a denial of service condition or potentially execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists within the logging functionality of the web server component. By making requests with a large HTTP request method, an attacker can cause a static-sized buffer to be overrun with data they supplied. iDefense has confirmed the existence of this vulnerability in IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.3. Previous versions may also be affected.
43cc7ce0fa301c94cc9b1e2a2764e9657d25cf17e034be6283e72f34cfe0fb11iDefense Security Advisory 01.17.08 - Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.
b1bca06565d2f165aedea3eb15eab5d2d20441857d50764b8dc053baf339d3f8iDefense Security Advisory 01.17.08 - Local exploitation of multiple integer overflow vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. One vulnerability exists within the EVI extension. When processing a request, the server uses a 32-bit value provided by the client in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a potentially exploitable heap overflow. Another vulnerability exists within the MIT-SHM extension. When allocating a pixmap, the server uses values from the request to verify that the requested size is not greater than the amount of allocated shared memory. The calculation can overflow, which leads to the overwriting of arbitrary addresses in memory that aren't part of the shared memory segment. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4771cffce18053e80e066e7475e194c4330b692f7bbb96e44000ac38b0c62d4fiDefense Security Advisory 01.17.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerable code exists within the TOG-CUP extension. A 32-bit client supplied value is taken directly from the request, and then used as an index into an array. The value located at this index is then stored into a buffer which is later sent to the client. This allows a client to read memory from arbitrary locations in server memory. iDefense has confirmed the existence of this vulnerability in X.Org X11 version R7.3. Previous versions may also be affected.
a830ea77fa2be6da734569efacfc8af0c88a9b2b7118beb38c4ab08de59b7be4iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. Defense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4357bff2a486d2934d0def5af55ed1b0333abfe4897f136cdcb70115231ac4b8iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.
6d73e3ce9736dc59d009c05ff809807ae8052bbc094fde1bd0def439d35351b7iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted loop bounds vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests to control the number of iterations of several loops. Inside these loops, various memory operations are performed. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
7f196c84113ddcc385c5d70b854af7778a013336ae974c92f3479d023fc233d8iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer offset vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as offsets added to valid pointers. The resulting pointer values are then used in various memory operations. Since attackers can control these offset values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
0d4e1180975b5622df56fb55155580852ab845d3afcc3f51f3a7d74e8eddf4eeiDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
3786ba1f2c0d443c5ba142c9250af385bc9b7d612652583004e74f0b46076165iDefense Security Advisory 01.15.08 - Remote exploitation of a heap overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. A heap overflow vulnerability exists within the code responsible for processing requests. Two distinct values from the request are used for the allocation size and the amount of data copied. Since both values are attacker controlled, this can lead to a heap overflow, potentially resulting in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
d1f2b39e4549949cfc2ea044ba91948441a2d453f40b6a0acbaf1209018892a3iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.
1199edc5e5bb2e36aec4a186f945949d624aafcfeafaede7918b2e7d59888b2aiDefense Security Advisory 01.07.08 - Local exploitation of a privilege escalation vulnerability in Motorola Inc.'s netOctopus could allow an attacker to execute arbitrary code in kernel context. iDefense has confirmed the existence of this vulnerability in version 5.0.0.115 of the nantsys.sys driver as included with netOctopus version 5.1.2 build 1011. Previous versions may also be affected.
8c1d1e8dc48c46909722b81670b93c2a3e9c3a8a5803f30b9a78e760c2b94d3eiDefense Security Advisory 12.24.07 - Local exploitation of a privilege escalation vulnerability in Novell ZENworks Endpoint Security Management allows attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in STEngine.exe version 3.5.0.20 as included with Novell Inc's ZENworks Endpoint Security Management 3.5. Other versions may also be affected.
c21648e448a450e5c089b4ac38b4da87f03e5e26df576e7609afeb546933705fiDefense Security Advisory 12.17.07 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.91.2. Previous versions may also be affected.
c5aa473b49ed2acfeb57cd13577312e73bab4e62c33cba86068e3c637d24d61ciDefense Security Advisory 12.17.07 - Local exploitation of a stack based buffer overflow vulnerability in Apple Inc.'s Mac OS X mount_smbfs utility could allow an attacker to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, on both the Server and Desktop versions. Previous versions may also be affected.
68e98a688f3efc75abfaeec608bc143f485c893470f9b457f1cead3618eb70d0iDefense Security Advisory 12.11.07 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s DirectShow could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code. iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x are vulnerable. Microsoft DirectX 9.0c or newer is not vulnerable.
13a7ee86d40260d7b3d9c10a605bff89d2993050d850639780f669cac844978c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed