ID

VAR-200409-0015

CVE

CVE-2004-0823

TITLE

Apple QuickTime Streaming Server vulnerable to DoS

DESCRIPTION

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. OpenLDAP In using a specific authentication scheme userPassword There is a flaw that prevents password authentication if the password value is obtained because the value stored in is not processed as plain text.Password authentication may be avoided. In certain undisclosed cases, OpenLDAP is reported prone to an ambiguous-password-attribute weakness. If an attacker can retrieve a password hash as contained in the OpenLDAP database, they may then be able to directly authenticate to the LDAP database. The attacker may gain unauthorized access if they can sniff password hashes from the network or if they can retrieve the contents of the 'userPassword' attribute from a database backup or through weak permissions on the database. The OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and 10.3.5, is reported affected. Versions of OpenLDAP included in other operating systems may also be affected. There is a problem in OpenLDAP's verification of CRYPT passwords. Remote attackers can use this vulnerability to log in using other users' CRYPT values ​​as passwords. An attacker can log in with the target user's authority by using the CRYPT value of the target user's password. Apple reports that CRYPT passwords can be specified as a clear text password as userPassword. According to reports, some authentication mechanisms can use CRYPT values ​​as plaintext passwords. TITLE: Red Hat update for openldap / nss_ldap SECUNIA ADVISORY ID: SA17233 VERIFY ADVISORY: http://secunia.com/advisories/17233/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/ DESCRIPTION: Red Hat has issued updates for openldap / nss_ldap. This fixes two security issues and a vulnerability, which can be exploit by malicious people to gain knowledge of sensitive information or bypass certain security restrictions. For more information: SA15906 SA16518 SA12491 SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com/ ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-767.html http://rhn.redhat.com/errata/RHSA-2005-751.html OTHER REFERENCES: SA15906: http://secunia.com/advisories/15906/ SA16518: http://secunia.com/advisories/16518/ SA12491: http://secunia.com/advisories/12491/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Design Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2024-08-14T12:19:51.775000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE