VARIoT IoT vulnerabilities database

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. These issues were disclosed in the referenced vendor advisory. The first issue affects Apple's Apache configuration. Apparently Apple's default Apache configuration fails to properly block access to certain files. This issue arises due to a failure of the affected server to properly handle HFS+ files system file resources. The third issue affects Apple's windowing system and development kit (Appkit). This issue will allow and attacker to capture keyboard input that is supposed to be secure. The fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks. The fifth issue surrounds the HIToolBox. It affects only Mac OS X, and Mac OS X Server 10.3.X, the 10.2.X systems are not affected. This issue may allow an attacker to kill applications when running in kiosk mode. This issue may allow an attacker to send mail without requiring authentication. The seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. The eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. Finally, a vulnerability affects Apple's Terminal application. This issue may lead to a false sense of security as the affected application may report that the 'Secure Keyboard Entry' functionality is active when it is not. An attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks. The CVE ID of this problem is CAN-2004-1084. The CVE ID of this problem is CAN-2004-1088. Attackers can use this vulnerability to carry out denial-of-service attacks on the service program

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. The first issue affects Apple's Apache configuration. Apparently Apple's default Apache configuration fails to properly block access to certain files. This issue has been assigned the CVE ID CAN-2004-1083 and is resolved in the attached Apple security update. The second issue reported in the referenced advisory affects the Apache web server on Mac OS X. This issue arises due to a failure of the affected server to properly handle HFS+ files system file resources. This issue has been assigned the CVE ID CAN-2004-1084 and is resolved in the attached Apple security update. The third issue affects Apple's windowing system and development kit (Appkit). This issue will allow and attacker to capture keyboard input that is supposed to be secure. This issue has been assigned the CVE ID CAN-2004-1081 and is resolved in the attached security update. The fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks. It should be noted that this issue only affects Mac OS X Server 10.3.X and earlier. This issue has been assigned CVE ID CAN-2004-1089 and is resolved in the attached security update. The fifth issue surrounds the HIToolBox. It affects only Mac OS X, and Mac OS X Server 10.3.X, the 10.2.X systems are not affected. This issue may allow an attacker to kill applications when running in kiosk mode. This issue has been assigned CVE ID CAN-2004-1085 and is resolved in the attached security update. The sixth issue affects the Postfix functionality on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to send mail without requiring authentication. This issue has been assigned CVE ID CAN-2004-1088 and is resolved in the attached security update. The seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. This issue has been assigned the CVE ID CAN-2004-1086 and is resolved in the attached security update. The eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. This issue has been assigned the CVE ID CAN-2004-1123 and is resolved in the attached security update. Finally, a vulnerability affects Apple's Terminal application. This issue may lead to a false sense of security as the affected application may report that the 'Secure Keyboard Entry' functionality is active when it is not. This issue has been assigned the CVE ID CAN-2004-1087 and is resolved in the attached security update. An attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks. A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. The CVE ID for this issue is CAN-2004-1083. The CVE ID of this problem is CAN-2004-1084. The CVE ID for this issue is CAN-2004-1089. The CVE ID for this issue is CAN-2004-1085. The CVE ID of this problem is CAN-2004-1088. The CVE ID for this issue is CAN-2004-1086. Attackers can use this vulnerability to carry out denial-of-service attacks on the service program. The CVE ID for this issue is CAN-2004-1123. The CVE ID for this issue is CAN-2004-1087. TITLE: Safari "Javascript Disabled" Status Bar Spoofing SECUNIA ADVISORY ID: SA13047 VERIFY ADVISORY: http://secunia.com/advisories/13047/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Safari 1.x http://secunia.com/product/1543/ DESCRIPTION: A weakness has been discovered in Safari, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs. For more information: SA13015 Successful exploitation allows a malicious web site to obfuscate URLs in the status bar, even when javascript support has been disabled. The vulnerability has been confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Never follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Safari by: dereklam Vulnerability originally discovered by: Benjamin Tobias Franz OTHER REFERENCES: SA13015: http://secunia.com/advisories/13015/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging.". Apple Mac OS X Safari fails to properly display URLs in the status bar. The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). pppd daemon format string vulnerability described in BID 9730(Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability) (CAN-2004-0165). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally 3 vulnerabilities in tcpdump. These issues are described in BID 9507(TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090(TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423(TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update. A local attacker could exploit this vulnerability to read part of the pppd process memory information. However, this format string problem does not allow the use of \\%n to attack, but due to the lack of filtering when receiving command line parameters, the format string problem can be triggered when submitted to the vslprintf() function, and the part of the pppd process memory can be obtained by using this problem Information, such as PAP or CHAP authentication information

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). pppd daemon format string vulnerability described in BID 9730(Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability) (CAN-2004-0165). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally 3 vulnerabilities in tcpdump. These issues are described in BID 9507(TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090(TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423(TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update. A local attacker could exploit this vulnerability to read part of the pppd process memory information. However, this format string problem does not allow the use of \\%n to attack, but due to the lack of filtering when receiving command line parameters, the format string problem can be triggered when submitted to the vslprintf() function, and the part of the pppd process memory can be obtained by using this problem Information, such as PAP or CHAP authentication information

Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar.". The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). pppd daemon format string vulnerability described in BID 9730(Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability) (CAN-2004-0165). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally 3 vulnerabilities in tcpdump. These issues are described in BID 9507(TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090(TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423(TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update. A local attacker could exploit this vulnerability to read part of the pppd process memory information. However, this format string problem does not allow the use of \\%n to attack, but due to the lack of filtering when receiving command line parameters, the format string problem can be triggered when submitted to the vslprintf() function, and the part of the pppd process memory can be obtained by using this problem Information, such as PAP or CHAP authentication information

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. apple's Apple Mac OS X and Apple Mac OS X Server Exists in unspecified vulnerabilities.None. Apple has reported multiple previously known and newly discovered security vulnerabilities in Mac OS X (Client and Server). The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally 3 vulnerabilities in tcpdump. These issues are described in BID 9507(TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090(TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423(TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update. When the ppp daemon processes an invalid command line argument, a function, error(), is called on the user-supplied data. Format specifiers that are contained within the supplied data will be interpreted literally, providing an attacker a conduit to read from pppd process memory. However, this format string problem does not allow the use of \\%n to attack, but due to the lack of filtering when receiving command line parameters, the format string problem can be triggered when submitted to the vslprintf() function, and the part of the pppd process memory can be obtained by using this problem Information, such as PAP or CHAP authentication information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. The vulnerability is in a function specific to pppd that does not allow for traditional exploitation (arbitrary data written to arbitrary memory locations) via %n. However, it is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials. This function is a custom replacement for vsnprintf(), and does contains a small subset of the format specifiers. The offending function is called option_error: void option_error __V((char *fmt, ...)) { va_list args; char buf[256]; #if defined(__STDC__) va_start(args, fmt); #else char *fmt; va_start(args); fmt = va_arg(args, char *); #endif vslprintf(buf, sizeof(buf), fmt, args); va_end(args); if (phase == PHASE_INITIALIZE) fprintf(stderr, "%s: %s\n", progname, buf); #ifdef __APPLE__ error(buf); #else syslog(LOG_ERR, "%s", buf); #endif } As we can see, there is a specific Apple ifdef that will pass our buffer directly to error(). Information about Apple Security Updates may be found at http://www.info.apple.com/ Recommendation: Install the vendor supplied upgrade. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQDqNV0e9kNIfAm4yEQJDyACfdyoktRpVe2HdeJ+OXFrO0PCH5L4Anj1t ayzDBWIsuXib+mhqIjrG7wDI =4K2F -----END PGP SIGNATURE-----

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has reported multiple previously known and newly discovered security vulnerabilities in Mac OS X (Client and Server). The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). pppd daemon format string vulnerability described in BID 9730(Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability) (CAN-2004-0165). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally 3 vulnerabilities in tcpdump. These issues are described in BID 9507(TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090(TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423(TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update. The issue has been reported to exist due to a lack of sufficient boundary checks performed on data contained in Environment variables, before they are copied into a reserved buffer in TruBlueEnvironment stack based memory. It should be noted that this vulnerability was originally described as an unspecified issue in 9504. It is now being assigned a unique BID. TruBlueEnvironment is installed with the setuid root attribute by default

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. Patches have been released for the Apache mod_digest module to include digest replay protection. The module reportedly did not adequately verify client-supplied nonces against the server issued nonce. This could permit a remote attacker to replay the response of another website or section of the same website under some circumstances. It should be noted that this issue does not exist in mod_auth_digest module. Apache is a popular WEB server program. A remote attacker could exploit this vulnerability to forge responses from other sites. This vulnerability only occurs when the username and password of the user on the fake station and the server are the same, and the actual name is also the same, but this situation is relatively rare

Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues

Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. A denial of service vulnerability has been reported to exist in all hardware platforms that run Cisco IOS versions 11.x through 12.x. This issue may be triggered by a sequence of specifically crafted IPV4 packets. A power cycling of an affected device is required to regain normal functionality. Many Cisco devices run IOS. The attack does not trigger any alarms, nor does the router automatically reload. An attacker can repeatedly attack all interfaces of the Cisco device, making the router inaccessible remotely. < *Links: http://www.cert.org/advisories/CA-2003-15.html http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml* >

The Teledat DSL Router is an ADSL router from Deutsche Telekom. The Teledat DSL Router does not properly handle port scanning, and remote attackers can exploit this vulnerability to perform a denial of service attack on the router. Scanning the Teledat DSL Router with the Symantec security scan scanner can cause the router to crash and require a reboot to get normal service. Because of this, an attacker may be able to deny service to legimate users

The Asus AAM6000EV is an ADSL router. Asus AAM6000EV ADSL files with sensitive information can be accessed directly, and intranet users can use this vulnerability to obtain username and password information. If the WEB server embedded in the Asus AAM6000EV ADSL router is enabled, users on any local network can obtain some plain text username and password information by accessing the /userdata file. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information

Cisco Catalyst is a family of business-grade switches distributed and maintained by CISCO. Cisco Catalyst does not properly handle non-standard TCP packet communication. A remote attacker can exploit this vulnerability to perform a denial of service attack on the switch device, causing legitimate users to fail to communicate properly. Introducing a TCP connection using eight non-standard TCP tag combinations, the Catalyst switch will stop the normal TCP response for some services. To re-use the functionality of this service, the switch needs to be restarted. These standard services, including HTTP, Telnet, and SSH, are not affected by this vulnerability, including console communications. This Cisco bug ID is: CSCdw52219. Because of this, an attacker may be able to deny legitimate user access to the switch

The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. Apple Mac OS X has a screen saver, entitled Screen Effects, with a password feature. Mac OS X is an operating system used on Mac machines, based on the BSD system

Ezbounce is an IRC proxy server. Ezbounce has a format string processing problem. A remote attacker can use this vulnerability to submit a malicious format string. It may execute arbitrary commands on the system with the ezbounce process permission. The problem exists in the \"ezbounce/commands.cpp\" file. When the program supports the session function, the attacker submits the \"sessions\" command containing the malicious string, which can cause the sensitive information in the process memory to be destroyed. The ezbounce process privilege executes arbitrary commands on the system. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit this vulnerability, the attacker must have valid credentials. This flaw may be of use to attackers who have proxy access but no privileges on the underlying host