Multiple Vendors BIND ‘inet_network()’ Off-by-One Buffer Overflow Vulnerability
Related Files:
http://packetstormsecurity.com/0506-exploits/spa-promail4.ce-Post SPA-PRO Mail Solomon SPA-IMAP4S 4.01 service buffer overflow vulnerability bind shell exploit. Homepage: http://www.security.org.sg/vuln/spa-promail4.html.
http://packetstormsecurity.com/advisories/iss/iss.01-01-29.bindISS Security Alert - Remote Vulnerabilities in BIND versions 4 and 8. Bind 8 has a buffer overflow in the TSIG handling code - Bind 4 has several buffer overflows. Affected versions include v4.9.3 through 4.9.7 and 8.2 through 8.2.3-T9B. Fix available here. Homepage: http://xforce.iss.net.
http://packetstormsecurity.com/0710-advisories/pagemaker-overflow.txtAdobe Pagemaker versions 7.0.1 and 7.0.2 suffer from a buffer overflow vulnerability when handling long font names. Links to full advisory are provided however the author has removed the exploits related to the vulnerability. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
http://packetstormsecurity.com/0608-advisories/lhaplus.txtLHAPlus version 1.52 suffers from a buffer overflow vulnerability. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
http://packetstormsecurity.com/0705-advisories/yenc32.txtThe yEnc32 Decoder version 1.0.7.207 suffers from a long filename buffer overflow vulnerability. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
http://packetstormsecurity.com/advisories/nai/COVERT-2001-01.bindNetwork Associates Security Advisory COVERT-2001-01 - BIND v8.2.2 to 8.2.3-T9B contains buffer overflows that allows a remote attacker to execute arbitrary code. The overflow is in the initial processing of a DNS request and therefore does not require an attacker to control an authoritative DNS server. This vulnerability not dependent upon configuration options and affects both recursive and non-recursive servers. Additional remote format string and buffer overflows affect v8.2 through 8.2.3-T9B and v4.9.3 to v4.9.7. ISC’s description of the problems available here. Fix available here. Homepage: http://www.pgp.com/covert. Authored By Covert Labs
http://packetstormsecurity.com/0710-advisories/lotusnotes702-en.txtMultiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
http://packetstormsecurity.com/0408-exploits/bjd361exp.cppProof of concept bindshell exploit code that makes use of a buffer overflow vulnerability found in BlackJumboDog FTP servers versions 3.6.1 and below. Homepage: http://www.security.org.sg/vuln/bjd361.html. Authored By Chew Keong TAN
http://packetstormsecurity.com/0510-advisories/10.13.05-1.txtiDEFENSE Security Advisory 10.13.05-1 - Local exploitation of a buffer overflow vulnerability in XMail, as distributed with multiple vendors’ operating systems, allows local attackers to execute arbitrary code with elevated privileges. iDEFENSE Labs has confirmed the existence of this vulnerability in XMail 1.21. Related CVE Number: CAN-2005-2943. Homepage: http://www.idefense.com.
http://packetstormsecurity.com/advisories/freebsd/FreeBSD-SA-02:43.bindFreeBSD Security Advisory FreeBSD-SA-02:43.bind - BIND 8 has two vulnerabilities. The BIND SIG Cached RR overflow allows a remote attacker to force a server with recursion enabled to execute arbitrary code with the privileges of the name server process. The BIND OPT DoS and BIND SIG Expiry Time DoS may cause a remote name server to crash. Homepage: http://www.freebsd.org/security/.
This entry was posted
on Friday, January 25th, 2008 at 8:00 am and is filed under Denial of Service, Vulnerabilities.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.