Apple Mac OS X CUPS printing system code execution
Published:		12.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9351
Type:		remote
Level:		6/10
Description:		Buffer overflow in HP-GL/2 filter.

Affected:		APPLE : MacOS X 10.4
CVE:		CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.)

Original document

ZDI, ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability (12.10.2008)

Discuss:

Read or add your comments to this news (0 comments)

Apache Tomcat information leak
Published:		12.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9350
Type:		remote
Level:		5/10
Description:		Race conditions allow to bypass IP address check.

Affected:		APACHE : Tomcat 4.1
		APACHE : Tomcat 5.5
CVE:		CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.)

Original document

APACHE, [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure (12.10.2008)

Discuss:

Read or add your comments to this news (0 comments)

CA ARCserve Backup multiple security vulnerabilities updated since 12.10.2008
Published:		15.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9352
Type:		remote
Level:		7/10
Description:		Code execution, multiple DoS conditions.

Affected:		CA : CA Server Protection Suite 2
		CA : CA Business Protection Suite 2
		CA : ARCserve Backup 11.1
		CA : ARCserve Backup 11.5
		CA : ARCserve Backup 12.0
CVE:		CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation.")
		CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation.")
		CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.)
		CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.)

Original document		VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup DB Engine Denial of Service (15.10.2008)
		VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup Tape Engine Denial of Service (15.10.2008)
		cocoruder, CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability (14.10.2008)
		CA, CA ARCserve Backup Multiple Vulnerabilities (12.10.2008)

Discuss:

Read or add your comments to this news (0 comments)