Bugtraq: iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
Related Files:
iDEFENSE Security Advisory 04.25.05-2 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long Lock-Token string, a stack-based overflow occurs. Homepage: http://www.idefense.com/.
iDEFENSE Security Advisory 04.25.06-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists because of a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long ‘If’ parameter string, a stack-based overflow occurs. Homepage: http://www.idefense.com/.
iDefense Security Advisory 07.17.07 - Remote exploitation of a denial of service vulnerability within version 5.1.0.2 of IBM Corp.’s Tivoli Provisioning Manager for OS Deployment allows attackers to deny service to all product functionality. This vulnerability specifically exists in the TFTP protocol implementation. When processing a read request (RRQ), an integer division by zero error can be triggered by supplying an invalid “blksize” argument. This exception is not handled and will result in the rembo.exe service terminating. iDefense has confirmed the existence of this vulnerability in version 5.1.0.2 of IBM Corp.’s Tivoli Provisioning Manager for OS Deployment. Version 5.1.0.116 was tested and found not to be vulnerable. Related CVE Number: CVE-2007-3268. Homepage: http://www.idefense.com/. Authored By Manuel Santamarina Suarez
iDefense Security Advisory 04.10.07 - Remote exploitation of a buffer overflow vulnerability in the Universal Plug-and-Play (UPnP) component of Microsoft Windows could allow an attacker to execute code in the context of the vulnerable service. The vulnerability specifically exists in the handling of HTTP headers sent to the UPnP control point as part of a request or notification. Because it processes certain fields without checking if there is enough storage space, a malicious request may cause a stack-based buffer overflow, potentially resulting in code execution. Related CVE Number: CVE-2007-1204. Homepage: http://www.idefense.com/. Authored By Greg MacManus
iDefense Security Advisory 05.10.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.’s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of the running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The “is_command” function, located in proxy.c, lacks bounds checking when filling the ‘cmd’ and ‘server’ buffers. Additionally, a heap-based buffer overflow could occur while processing the “trackID” values contained within a “SETUP” request. If a request with more than 32 values is encountered, memory corruption will occur. iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1. It is suspected that earlier versions are also vulnerable. Related CVE Numbers: CVE-2007-0749, CVE-2007-0748. Homepage: http://www.idefense.com/.
A remote buffer overflow in IBM Tivoli ManagedNode v3.6.x through 3.7.1 allows attackers to crash the spider process or execute arbitrary code on TMR ManagedNodes. An overly long GET request results in a buffer overflow with registers being overwritten with user-supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Solaris 8 (Sparc). Authored By Mark Rowe, Jeff Fay
A remote buffer overflow in IBM Tivoli Management Framework v3.6.x through 3.7.1 running on TCP port 9495 allows attackers to deny service or execute arbitrary code. An overly long GET request results in a buffer overflow with registers being overwritten with user-supplied data, resulting in code execution as SYSTEM on NT or root on Unix. Tested on Windows 2000 and NT4 SP6a. Authored By Mark Rowe, Jeff Fay
iDefense Security Advisory 08.14.07 - Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.’s XML Core Services may allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists because incorrect checking is performed on the length argument to the substringData() method of an XMLDOM object. When certain length values are supplied, a large region of memory is copied into a buffer of insufficient size. iDefense confirmed the existence of this vulnerability using Internet Explorer 6.x on Windows XP SP2. It is suspected that other versions are also affected. Related CVE Number: CVE-2007-2223. Homepage: http://www.idefense.com/.
iDefense Security Advisory 05.10.07 - Remote exploitation of a buffer overflow vulnerability within Novell Inc.’s NetMail allows attackers to execute arbitrary code with the privileges of the service. This vulnerability specifically exists within the SSL version of the “NMDMC.EXE” service. The application does not perform sufficient input validation when copying data into a fixed-size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs, leading to corruption of program control registers saved on the stack. iDefense has confirmed the existence of this vulnerability within version 3.52e_FTF2 of Novell Inc.’s NetMail. Older versions are suspected to be vulnerable. Homepage: http://www.idefense.com/.
iDEFENSE Security Advisory 12.16.2004-5 - Remote exploitation of a stack-based buffer overflow vulnerability in Veritas Backup Exec allows attackers to execute arbitrary code. The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The registration request packet contains the hostname and connecting TCP port of the client which is stored in an array on the stack. An attacker can send a registration request with an overly long hostname value to overflow the array and take control of the saved return address to execute arbitrary code. Related CVE Number: CAN-2004-1172. Homepage: http://www.idefense.com/. Authored By Patrik Karlsson