CERT Advisory CA-2003-14 - A buffer overflow vulnerability exists in a shared HTML conversion library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
b53f69bfa8e7766a26dde5f6a8b8ab702e45522f94657c663889d3f20829e576
CERT Advisory CA-2003-13 - Two remote vulnerabilities in the Snort IDS, versions 1.8 through 2.0 RC allow remote execution of code as root. It is not necessary for the attacker to know the IP address of the Snort device they wish to attack; merely sending malicious traffic where it can be observed by an affected Snort sensor is sufficient to exploit these vulnerabilities. Fix available here.
5a3ec3a941e459dab6ee1434d872c4142fa7d76c874532b7b896c46b440d6bbe
CERT Advisory CA-2003-12 - A remote stack overflow in Sendmail 8.12.8 and below was discovered by Michal Zalewski which allows remote code execution as root. This bug is in the prescan code and is different than the recent sendmail bug described in CA-2003-07. Patch available here.
3d21a9619dd79160009046d99d48567be339543825a6a4ca7d4af3174e7a1a0c
CERT Advisory CA-2003-11 - Multiple vulnerabilities have been reported to affect Lotus Notes clients and Domino servers v5.0.12 through 6.0.1 including six exploitable buffer overflows. TCP port 1352 is a likely conduit for attack, however Lotus Notes often listens to Netbios, SPX, or XPC ports.
e27d809b3b46519651fd9c33ce0fe48d4fd080f6ce39735853eb2d4c8aa246cf
CERT Advisory CA-2003-10 - A buffer overflow vulnerability in SunRPC-derived XDR libraries causes several applications which use the rpcbind service to allow execution of arbitrary code or disclosure of sensitive information. In addition, intruders may be able to crash the MIT KRB5 kadmind or cause it to leak sensitive information, such as secret keys. Vulnerable code includes GNU Glibc 2.3.1 and below, Solaris 2.6, 7, 8 and 9, AIX 4.3.3 through 5.2.0, and MIT Kerberos vulnerabilities.
92bb7a155d55bee978d087832b574b932fdb2d49ea5b4819548a611928427a25
CERT Advisory CA-2003-09 - A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. An overflow in ntdll.dll of WebDAV allows remote users to execute code in the local system context. See also ms03-007.
708a6e42bc3ff4aa44e0028cb77a1cc2907b40c01604aeadc7ebfc4e3a3b1b0f
CERT Advisory CA-2003-08 - There is increased activity targeting Windows shares over ports 137, 138, 139, and 445.
7337f51fe145e2591c367d1661c190e6aa65329a55c82197bdf6283b3482680d
CERT Advisory CA-2003-07 - Sendmail prior to 8.12.8 has a remote root vulnerability which can be exploited by a malicious mail message, allowing non-vulnerable MTA's to relay the exploit message to unpatched MTA's on an internal network. A successful attack against an unpatched sendmail system will not leave any messages in the logs. All Sendmail Pro, Sendmail Switch, and Sendmail for NT are also vulnerable. Fix available here.
e30f99a4f1539fc802ae45ac228a34841e7a4bb0387c42032299a105f9418235
CERT Advisory CA-2003-06 - Numerous vulnerabilities have been reported in multiple vendor implementations of the Session Initiation Protocol, or SIP, which may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.
92239b658525dff1c27f48b457af32ebc807d65b174c7082d08fb4a6bf2a2743
CERT Advisory CA-2003-05 - Systems running Oracle8 Database v 8.0.6, 8.1.7, Oracle9i Database (Release 1 and 2), and Oracle9i Application Server (Release 9.0.2 and 9.0.3) contain multiple remote vulnerabilities which can lead to the execution of arbitrary code, allow users to modify database records, or cause a denial of service, breaking the database.
04154bd5e08374b34f8d73fc2f8574a7028fe99b031c5c78ae866b696bdb989e
CERT Advisory CA-2003-04 - A quickly spreading Microsoft SQL worm exploits two vulnerabilities in Microsoft SQL Server 2000 over udp port 1434.
2156045bc493481a21bb196558ebda1f8230f899a20b3be2226698ea91039e55
CERT Advisory CA-2003-03 - Windows NT, 2000, and XP contains a buffer overflow in the Windows Locator service that allows remote attackers to execute arbitrary code via the netbios ports. More information available ms03-001.
eb59d294f1d6f4eaee6697e2747657bc9e967658f2af3c0df0b478e4ee4f8ed7
CERT Advisory CA-2003-02 - Systems running CVS Home project versions of CVS prior to 1.11.5 allow non-authenticated remote attackers with read only access to execute arbitrary code. Vendor status information available here.
17de6d4fcd37cb08a404a427065be676f4b3066c9a1c51f006c3a279d9291e05
CERT Advisory CA-2003-01 - There are multiple stack-based buffer overflows in ISC DHCP that are exploitable by sending a DHCP message containing a large hostname value allowing remote attackers to execute code with the privileges of the user running dhcpd.
2d70b42cde3f4a607ef0aa3df62e9ec9d5c773cc61d8028f912a4ce536d447e3
CERT Advisory CA-2002-37 - A buffer overflow vulnerability in the Microsoft Windows Shell allows remote attackers to execute arbitrary code via malicious email message, malicious web page, or browsing through a folder containing a malicious .MP3 or .WMA file. More information available here.
b026b59e3f14b7596aad9085a7b4d8183bb3649a364863979123a168facb9351
CERT Advisory CA-2002-36 - Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. OpenSSH is not vulnerable. More information available here.
fc2411c6232f4bec9861e44cc3a10cda790c69eb0b22484d00b48e73b52c0feb
CERT Advisory CA-2002-35 - Cobalt Raq4 systems with the Security Hardening Package installed allow remote attackers to execute code as root because overflow.cgi does not adequately filter input destined for the email variable.
0f6f2e8184209658ee339e366fe5d0badc0607061e7156cc51ba6d1df49804c4
CERT Quarterly Summary CS-2002-04 - Popular vulnerabilities being exploited by attackers these days include an Apache/mod_ssl worm, OpenSSL bugs, Trojan horse sendmail, libpcap, and tcpdump, multiple BIND bugs, and a heap overflow in Microsoft MDAC.
9533ea880a378b11d111894d5f2c202e138383a35bb1203499c902284363b2ee
CERT Advisory CA-2002-34 - The Solaris X Window Font Service (XFS) daemon (fs.auto) on Solaris 2.5.1 - 9 contains a remotely exploitable user nobody buffer overflow on Sparc and X86. More information available here.
118a68d4c0fbfa54c26e6e863c1366aa76248b8ce3f42da9c03a7112f43d62f7
CERT Advisory CA-2002-33 - Heap Overflow Vulnerability in Microsoft Data. A routine in the RDS component, specifically the RDS Data Stub function, contains an unchecked buffer. The RDS Data Stub function's purpose is to parse incoming HTTP requests and generate RDS commands. This unchecked buffer could be exploited to cause a heap overflow.
3545b3ca951a5477fd7faa99a4548d9b9e2f7fa3d5d6c97fe2714ab53ca3f119
CERT Advisory CA-2002-32 - Backdoor in Alcatel OmniSwitch 7700 and 7800 AOS version 5.1.1. A telnet server listens on TCP port number 6778, a backdoor that was originally used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release.
2cf513517b1b565638c67b4665449f278bd02bdf0c633bf392723ae847f0e980
CERT Advisory CA-2002-31 - BIND 8 has vulnerabilities that may allow remote attackers to execute arbitrary code with the privileges of the user running named which is usually root, or with the privileges of vulnerable client applications. The other vulnerabilities will allow remote attackers to disrupt the normal operation of DNS name service running on victim servers.
52bed20a304c98d442c6acd76de1296d8c5b8bf6427430451ecb349e59661f20
CERT Advisory CA-2002-30 - Released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a trojan horse which, upon compile time, remote grabs a file from a fixed IP address which it then compiles and runs. The binary then goes to a fixed IP address and gets a one character response which enables the remote machine to trigger the spawning of a shell to the remote machine. The backdoor also explicitly ignores all traffic on port 1963.
b64a37a06e31968b926ac44608e1500e16cc51e74f8d09235f561baebdbbc9ac
CERT Advisory CA-2002-29 - Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges.
ade1559565293ec2b2c9c928b2296eda39bf2a45e36ead198be63f16931f4850
CERT Advisory CA-2002-28 - Sendmail 8.12.6 was backdoored on September 28, 2002 to include a trojan which executes commands via outbound port 6667 connections.
16f700ec7e3be326630cbd89d3cab6c28d0a9309c218ea8bbc19b8ac3b8c5d38